We have done a lot of single sign-on implementations over the years.
Mostly around getting access to remote servers to launch instructional
content from an LMS or getting transparently logged into remote LMS portals.
There are lots of "standard" ways to do this which is almost as bad as
not having standards.
A little off topic for the Maven list.
Ron
On 24/05/2012 8:23 AM, Will Hoover wrote:
Yeah, the last option where we have the user provide a password is where
we're currently headed. Thanks for your input!
-----Original Message-----
From: Ron Wheeler [mailto:rwhee...@artifact-software.com]
Sent: Wednesday, May 23, 2012 2:21 PM
To: users@maven.apache.org
Subject: Re: How can I eliminate these embedded username and password
entries?
I used invisible ink.
You are right that the passwords are in clear text in the JNDI but they
are in a place where they are not supposed to be visible to anyone
except the system administrator.
For desktop applications, you can embed the passwords in the code and
hope that the customers do not reverse engineer or you can provide a
service that the desktop client can call to get a password from your
server to use to unlock the database on their workstation.
If your installation procedure can get a password from the user and use
that for the database, then you are at least giving the user a private
password that will not be any good on another client's database.
It all depends on what use case you are trying to handle.
Ron
On 23/05/2012 12:18 PM, Will Hoover wrote:
Was there a reply in there that I'm overlooking?
-----Original Message-----
From: Ron Wheeler [mailto:rwhee...@artifact-software.com]
Sent: Wednesday, May 23, 2012 11:50 AM
To: users@maven.apache.org
Subject: Re: How can I eliminate these embedded username and password
entries?
On 23/05/2012 10:33 AM, Will Hoover wrote:
Great posts! Thank you! My only concern with the proposed solutions are
the
following:
1) Remote resources, scripts, etc. are great for internal network
deployments (or "ships") such as web applications, but what about desktop
or
mobile applications that are self contained?
2) Even with JNDI and other solutions... at some point the passwords
still
reside in clear-text format, right?
BTW, I agree that this should be outside the scope of Maven
responsibilities. I'm just looking for input from other Maveneers and
what
measures they have taken to tackle this issue :)
-----Original Message-----
From: Ron Wheeler [mailto:rwhee...@artifact-software.com]
Sent: Wednesday, May 23, 2012 9:54 AM
To: users@maven.apache.org
Subject: Re: How can I eliminate these embedded username and password
entries?
This has come up so often I wrote some blogs on it.
http://blog.artifact-software.com/tech/?tag=jndi
On 23/05/2012 9:05 AM, Barrie Treloar wrote:
On Wed, May 23, 2012 at 10:23 PM, Will Hoover<java.whoo...@gmail.com>
wrote:
This is an interesting topic of interest. We would like to do a similar
thing with our DB passwords that are in our POMs. Are there any other
options other than the ones described?
Search the archives.
External Resources used at Runtime (rather than build time) are either
stored in JNDI or in property files which are loaded on the classpath.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
--
Ron Wheeler President Artifact Software Inc email:
rwhee...@artifact-software.com skype: ronaldmwheeler phone:
866-970-2435, ext 102
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
