开发者

Maven Security Concerns

Are there security concerns with using Maven? I use Ant today for my main project, but I do use Maven for my "samples" project where I write program spikes. I do开发者_高级运维 like some parts of Maven, but have a concern with downloading my jars through the tool. Is this an unfounded concern? How secure is "http://repo1.maven.org/maven2/"? Is there a more secure way of using the tool?

Thanks.


It's pretty secure and standard. If ever the security of http://repo1.maven.org/maven2/ is compromised, there will have big repercussion in Java devs. I never heard that this site is hacked.

That said, you are not bounded by default repository. You can configure your own repository using Nexus, Artifactory and install safe artifacts manually to them. You may also block remote repositories using Nexus/Artifactory setting. Although, I never needed to do this. But look here, perhaps it's possible.

Please note that you will have to block your local repository to use "repo1", else the local repository will download artifacts from there by default.

Edit 1: added missing link

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜