+1 on the command-line approach. There was a bit of a debate around it when it was proposed for the framework auth but its simplicity outweighed potential security concerns.

On Tue, Sep 16, 2014 at 10:34 AM, Kevin Sweeney <kevi...@apache.org> wrote:

> There's precedent to take secrets as a properties file on the command-line
> (-framework_authentication_file), my vote is that we follow that.
>
> On Tue, Sep 16, 2014 at 10:17 AM, Joshua Cohen <jco...@twitter.com.invalid>
> wrote:
>
>> Providing the password directly via the command line seems like it would be
>> a security issue (anyone who can `ps` on the box could see the password?).
>> Is there something I'm missing? Would it be possible (and if so, would it
>> be desirable?) to start up the web console as a user who only has read
>> access to the database? If we're only worried about someone tinkering with
>> the data, but not worried about locking down read access that might be a
>> cleaner solution.
>>
>> On Tue, Sep 16, 2014 at 9:58 AM, Bill Farner <wfar...@apache.org> wrote:
>>
>> > Since beginning migration of the internal database to H2, I've wanted to
>> > include the H2 web console [1] as a means for debugging the internal
>> > scheduler state. If we do that, we need to password-protect the database
>> > to prevent unauthorized tinkering.
>> >
>> > Does anybody have a preference for where the scheduler gets that password?
>> > The obvious choices are directly on the command line, or from a file
>> > referenced on the command line. However, I'm open to ideas I haven't
>> > thought of.
>> >
>> > [1] http://www.h2database.com/html/quickstart.html#h2_console
>> > (ignore the Windows/launching instructions - we will embed it as a servlet)
>> >
>> > -=Bill
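
The two options weighed in this thread, as an added example that is not part of the original messages or the project's code: a loader for a key=value properties file that refuses group/other-accessible files, and a check of whether the secret ends up in the argument vector that `ps` displays. It assumes a POSIX system; the flag names `-db_password` and `-db_password_file` and the `password` key are hypothetical.

```python
import os
import stat
import tempfile

def load_secret(path, key="password"):
    """Read `key` from a simple key=value properties file, refusing lax modes."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    # Any group/other permission bit lets other local accounts reach the secret.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/other; use mode 0600")
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#!":  # blank lines and comments
                continue
            name, sep, value = line.partition("=")
            if sep and name.strip() == key:
                return value.strip()
    raise KeyError(key)

def argv_leaks(argv, secret):
    """True if the secret is in the argument vector that `ps` displays."""
    return any(secret in arg for arg in argv)

def demo():
    secret = "constructed-example-secret"  # constructed sample value
    fd, path = tempfile.mkstemp(suffix=".properties")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("# constructed sample file\npassword = " + secret + "\n")
        os.chmod(path, 0o600)
        loaded = load_secret(path)
        # Hypothetical flag names, used only to compare the two argv shapes.
        direct = ["scheduler", "-db_password=" + secret]
        by_file = ["scheduler", "-db_password_file=" + path]
        os.chmod(path, 0o644)  # simulate a world-readable secrets file
        try:
            load_secret(path)
            rejected = False
        except PermissionError:
            rejected = True
        return loaded, argv_leaks(direct, secret), argv_leaks(by_file, secret), rejected
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

Passing a file path keeps the secret out of the process listing, but the protection then rests entirely on the file's ownership and mode, which is why the loader checks them before reading.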