[jira] Created: (MANTRUN-134) Prevent passwords (or any 'secret' data) to go into maven-build.properties

Mon, 03 May 2010 07:50:40 -0700 

Prevent passwords (or any 'secret' data) to go into maven-build.properties
--------------------------------------------------------------------------

                 Key: MANTRUN-134
                 URL: http://jira.codehaus.org/browse/MANTRUN-134
             Project: Maven 2.x Antrun Plugin
          Issue Type: Wish
    Affects Versions: 1.3, 1.2, 1.1, 1.0, 1.4
         Environment: NA
(FYI: eclipse, maven 2, windows)
            Reporter: Etienne


Hi,

  I'm the main developper of jupload, an open-source project hosted on 
sourceforge. (FYI: an applet, which helps sending files to the server).

 This applet needs to be signed, thus I need to store on the local 
configuration two properties: the file containing the keystore, and its 
password. In my case, these properties are stored in a specific profilen named 
'jupload', in the settings.xml.



  These properties must remain secret.


  I currently want to use your (nice!) ant plugin, to allow non mavenized users 
to work on the applet.

But ...


... when using the ant:ant goal, all available properties are stored into the 
maven-build.properties file. So I must be careful, not to through my keystore 
password away.


 So, my wish is: have a way to hide 'secret' properties. 
I see several way to do this, without knowing what is feasible:
1) Prevent the ant:ant goal to capture properties. These properties could be 
managed like the build.xml file: have a maven-build.properties (with maven and 
project properties), and another properties file. This last file would be 
created once, like the build.properties, and would be overriden only with a 
specific configuration parameter, like the build.xml file.
2) Disallow the profile 'jupload', which contain the password. Would be the 
better, as it would also work if I create additionnaly properties there.
3) Allow to undefine properties. A message could be add into the 
maven-build.properties, to list the properties that must be defined locally, as 
an ant property for instance.
4) Have a way to filter properties, based on their name or by a regular 
expression (like jupload.* for instance)

Etienne

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to