This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Java card projects use a keystore for signing. Keystores may have an overall password. There needs to be a field in the security customizer for this info. This raises a security issue: Open questions - Anki, please clarify. Do we: 1. Store the password in the clear in project.properties (will be shared in version control and can be read by anyone who checks the project out or gets its source code) 2. Store the password with breakable obfuscation in project.properties - i.e. base64 or something (will be shared in version control and can be read by anyone who checks the project out or gets its source code) 3. Store the password with strong encryption in project.properties - (will be shared in version control and can be read by anyone who checks the project out or gets its source code) -however, the private key will need to be embedded in NetBeans and available to Ant tasks, so this is just obfuscation - somebody who really wants to can find the key 4. Store the password in the clear in nbproject/private/private.properties (will NOT be shared in version control, but anyone who wants to build the project needs to get the password from someone else or change the keystore used). Someone with access to the machine w/ the password will be able to read the password. 5. Store the password with breakable obfuscation in nbproject/private/private.properties (will NOT be shared in version control, but anyone who wants to build the project needs to get the password from someone else or change the keystore used). Someone with access to the machine w/ the password will be able to copy the munged password.
Fixed in changeset 250b7f20de16 - build-script support (issue 171017 pending).
Integrated into 'main-golden', will be available in build *200908311509* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main-golden/rev/250b7f20de16 User: Tim Boudreau <tboudreau@netbeans.org> Log: #170647, #170650, #170652 - project properties support for keystore alias and master/alias password. Build script support pending.