On 20/06/06, Rebhan, Gilbert <[EMAIL PROTECTED]> wrote:

But remember, if someone runs ant in -debug
mode, he will see your password in stdout or logfile!!

Regards, Gilbert

-----Original Message-----
From: Venkatesh Vijayakumar04 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 20, 2006 5:00 AM
To: Ant Users List
Subject: RE: Ant tasks to encrypt or decrypt passwords from
propertyfiles


Hi,

Try the following


Write a separate encryption java program

Write a separate decryption Java program in such a way that when the
program is executed, it will refer to the encrypted password stored in the
property file and give the clear text password; this output will
be stored in a separate property file.

In your case, you will be having the encrypted password in property file
so compile and run the decryption java program from ant using javac and
java task in ant.

As a result of the above step a property file with clear text password
will be stored.

Load the value of the property file in a property using loadproperty
task in ant

Delete the password property file immediately.

Refer to the property name for subsequent build of password.


Thanks
Venkatesh.V



-----Original Message-----
From: Anderson, Rob (Global Trade) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 20, 2006 4:09 AM
To: Ant Users List
Subject: RE: Ant tasks to encrypt or decrypt passwords from
propertyfiles

In many cases your best option is probably to prompt the user for the
password using the input task. This solves the problem of storing the
password in plain text in a file, but it requires that the user interact
with the ant build. Another option is to pass in the password on the
command line:

ant -Dpassword=something target

This is less desirable since another user could run ps -ef and see the
password in the process list (on unix).

-Rob A

> -----Original Message-----
> From: Alexey N. Solofnenko [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 19, 2006 1:20 PM
> To: Ant Users List
> Subject: Re: Ant tasks to encrypt or decrypt passwords from
> property files
>
> This can be done by requiring a key store in user home. Only
> people that have some special certificates can
> encrypt/decrypt data (SSH style security). The decryption can
> be easily done with <scriptdef>. This is the corresponding Java code:
>
>         SecretKeySpec skeySpec=new SecretKeySpec(readAll("key"), "AES");
>         Cipher cipher=Cipher.getInstance("AES");
>         cipher.init(Cipher.DECRYPT_MODE, skeySpec);
>
>         String value=new String(cipher.doFinal(buffer), "UTF-8");
>
> It would be trivial to write a wrapper code for ANT. buffer
> has to be a byte array. I would suggest using binhex conversion.
>
> - Alexey.
>
> Dominique Devienne wrote:
> >> we would be interested in encrypting.
> >
> > But then it's a chicken-and-egg problem, no?
> >
> > Where are you going to store the passwords to decrypt the passwords
> > read from properties files? --DD
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]



Hi to everybody,

Venkatesh's solution seems very interesting, and as to danch I think
that mounting and unmounting is secure enough, although a bit
complicated, as ant is used for build automation, and you don't get
much automation with this approach.

My personal opinion is that in this case you can't get 100% security.
I would personally use base64 encryption to store the passwords in a
temporary property file (there is a good command-line utility on [2]
for this), and then load them.

Also another approach to this is, as Rob suggested, to prompt the user
to enter his password when needed. Ivan Ivanov on [1] showed how we
can extend ant's input abilities in a way to mask the text being
typed.

Hope that helps.


[1] https://sourceforge.net/project/showfiles.php?group_id=103509
[2] http://www.fourmilab.ch/webtools/base64/
--
Regards, Petar!
Karlovo, Bulgaria.
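
An added example, not code from any poster in this thread: the hex-encoded AES property value described in Alexey's quoted message, next to the base64 option from Petar's message, to show which of the two depends on a key. It swaps in AES/GCM with a random IV in place of the bare "AES" transformation (which selects ECB mode on the standard JDK provider); the class name, property name, key and password are constructed for illustration, and Java 8 or later is assumed.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
public class PropertySecretDemo {                       // hypothetical class name
    static final int IV_LEN = 12, TAG_BITS = 128;
    static String toHex(byte[] b) {                     // binary -> property-safe text
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }
    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    static Cipher gcm(int mode, byte[] key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");  // explicit mode, not bare "AES"
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }
    static String encrypt(byte[] key, String clear) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);               // fresh IV per value, stored with it
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv).doFinal(clear.getBytes(StandardCharsets.UTF_8));
        return toHex(iv) + toHex(ct);
    }
    static String decrypt(byte[] key, String hex) throws Exception {
        byte[] all = fromHex(hex);
        byte[] iv = java.util.Arrays.copyOf(all, IV_LEN);
        byte[] pt = gcm(Cipher.DECRYPT_MODE, key, iv).doFinal(all, IV_LEN, all.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        // Constructed key; in the thread's scheme it lives in a file in the user's home.
        byte[] key = new byte[16]; new SecureRandom().nextBytes(key);
        String stored = encrypt(key, "s3cret-example"); // constructed password
        System.out.println("db.password.enc=" + stored);
        System.out.println("right key: " + decrypt(key, stored));
        try { decrypt(new byte[16], stored); }          // all-zero key stands in for a wrong key
        catch (AEADBadTagException e) { System.out.println("wrong key: rejected"); }
        // Base64 takes no key: read access to the file is enough to recover the value.
        String b64 = Base64.getEncoder().encodeToString("s3cret-example".getBytes(StandardCharsets.UTF_8));
        System.out.println(b64 + " -> " + new String(Base64.getDecoder().decode(b64), StandardCharsets.UTF_8));
    }
}
```

The chicken-and-egg point raised in the thread still holds: whoever can read both the key file and the property file can decrypt, so the key file's permissions carry the protection. Once decrypted into an Ant property, the value is also subject to the -debug logging caveat from the first message.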
