Okay, that makes sense, and your argument about acceptable risk is compelling - thanks.
(The password concerned isn't critical - I just fancied hiding it for the sake of neatness :) )

From: Stefan Bodewig <bode...@apache.org>
To: user@ant.apache.org,
Date: 30/08/2013 12:07
Subject: Re: Secure input handler

On 2013-08-30, Tom Cleghorn wrote:

> When using the secure input handler - e.g.:
> <input message="enter pass" addproperty="pwd" defaultvalue="NULL">
>   <handler type="secure"/>
> </input>
> ...the build hides the keyboard input as expected. However, if I run ant
> with -d, the next line of console output is "Setting project property: pwd
> -> pass"!

> This seems less than ideal - is it by design, and are there any steps I
> can take to prevent it? I'd prefer not to write an input handler of my own
> if I can possibly avoid it, but is that going to be the only option?

If you'd write an input handler of your own, it wouldn't help. The debug output is produced when the property is set.

If you set a property - which is what input does - then its value will not only get logged at the debug level but also is available to all other tasks running inside the same Ant project (this could be meliorated by using local properties, but still).

So using properties at all is not a good idea for something that is critical enough that you wouldn't want to leak it into debug output. Most of the time the person that provides the input is the same person that starts Ant and has control over the log output, the risk may be acceptable in many cases.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@ant.apache.org
For additional commands, e-mail: user-h...@ant.apache.org
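Because the value is logged when the property is set, a captured `ant -d` log can be scrubbed before it is stored or shared; the filter below is an added example, not code from this thread or from the Ant project. The function name, the `[REDACTED]` marker and the sample log lines are assumptions constructed for illustration; only the "Setting project property: NAME -> VALUE" line format comes from the thread.

```python
import re

# Debug-level line format quoted in the thread:
#   Setting project property: pwd -> pass
PROPERTY_LINE = re.compile(
    r"^(?P<prefix>.*Setting project property: )(?P<name>\S+) -> (?P<value>.*)$"
)
MASK = "[REDACTED]"  # hypothetical marker chosen for this example


def redact_ant_log(lines, sensitive_names):
    """Mask the values of the named properties in Ant debug output.

    Once a sensitive value has been seen, later lines that repeat it
    (for instance a task echoing the property) are masked as well.
    Short values may over-redact unrelated text; that is the safe side.
    """
    secrets = set()
    cleaned = []
    for line in lines:
        match = PROPERTY_LINE.match(line)
        if match and match.group("name") in sensitive_names:
            if match.group("value"):
                secrets.add(match.group("value"))
            line = f"{match.group('prefix')}{match.group('name')} -> {MASK}"
        else:
            # Longest first so a secret containing another is masked whole.
            for secret in sorted(secrets, key=len, reverse=True):
                line = line.replace(secret, MASK)
        cleaned.append(line)
    return cleaned


# Constructed sample log (not real build output).
SAMPLE_LOG = [
    "enter pass",
    "Setting project property: pwd -> s3cr3t-Example",
    "Setting project property: build.dir -> out",
    "     [echo] connecting with s3cr3t-Example",
]

if __name__ == "__main__":
    for cleaned_line in redact_ant_log(SAMPLE_LOG, {"pwd"}):
        print(cleaned_line)
```

This only cleans a log after the fact; the property value is still visible to every task in the same Ant project, as the reply above points out.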