Comments (7)
I have to read again the Snarl guidelines but this random password using the same application id seems like a bad idea for multiple instances of the same application.
Using a random app-sig could do the trick but what about customisation (I don't have a windows box with Snarl actually to verify) ? You can configure how notification works per application with Snarl ?
Maybe we can register/unregister the application just before/after sending the notification, it will limit the risk of multiple registration and the ctrl-c problem. In the maven-notifier case we only send one notification anyway.
Thanks for the detailed report !
I'll have time to deal with it in two weeks or so.
from maven-notifier.
If you want to test on windows you can always download a VM image here: http://dev.modern.ie/tools/vms/windows/. They are valid for 3 months until windows complain you do not have a valid key and then you need to start from scratch again. They are normally meant to test web applications under different IE versions but you can use them anyway.
Regarding customisation, I don't think we can customise it. I'm new to snarl but I cannot see anything regarding maven. You can customise plugins but I don't know where/how to customise registered applications.
If I understand the password correctly, this is to prevent another application from impersonating you. So hard-coding a password wouldn't work as it is an open source project. What about adding a property in the maven-notifier.properties file to set the password to use? This way it becomes the responsibility of the user to secure his file.
So you wouldn't need to modify the app-sig and you can leave the app registered all the time.
Let me know if you like this idea, I might have time to work on it and submit a PR.
from maven-notifier.
If there is really no way to customize Snarl by application, generating a unique application id per run should not be a big deal. Even if the application is not unregistered (ctrl-c or whatever), Snarl has a garbage collector to remove old registered applications. It seems like a quick win.
Else your proposition is a good way to go. Also I would like to have a default configuration which works without user configuration (so maybe in that case I would remove the generated password).
Note that there is a protection in Snarl where the user is asked to define a global password to grant access to application(s) but when I tried to configure it back at the time, it has never worked.
I'm not at home (without my laptop, that's why I don't have windows vm :p) so I didn't have much time to look at it right now but If you're willing to implement the patch I'll be glad to merge it when I'll be back !
Thanks !
from maven-notifier.
Holidays are over, so I got time to look into it.
There is a way in Snarl to configure how notifications are displayed per application. This is in Snarl Preferences, the Applications tab. So we can't generate a random appsig per Maven launch. It would disable user customization.
So I have implemented your suggestion. By default no application password is set, this is let to user discretion. This is not perfect neither since any "malicious" application could just read the password in maven-notifier.properties
but it should be ok for now :)
from maven-notifier.
Fixed in v1.8
from maven-notifier.
Thanks,
Sorry I was on paternity leave so I didn't get a chance to try it before. It seems to fix all the problems I had thanks
from maven-notifier.
Cool !
Thanks again for your time.
from maven-notifier.
Related Issues (20)
- fails under mvnd HOT 9
- performance HOT 1
- time is not correct with mvnd
- Mac OS X - Terminal / Java window HOT 6
- request: plugin usage
- No notification sound with KDialog
- Notifications with notifu does not work for onFailWithoutProject HOT 4
- "build successful" notifications steal focus from the terminal HOT 3
- build notifications are not sent after installing according to instructions in README HOT 11
- [DepShield] (CVSS 5.9) Vulnerability due to usage of com.google.guava:guava:18.0
- [DepShield] (CVSS 5.9) Vulnerability due to usage of com.squareup.okhttp:okhttp:2.0.0-RC1
- [DepShield] (CVSS 7.5) Vulnerability due to usage of org.jboss.netty:netty:3.2.1.Final
- [DepShield] (CVSS 8.1) Vulnerability due to usage of org.beanshell:bsh:2.0b4
- Configure notification duration HOT 2
- [DepShield] (CVSS 9.8) Vulnerability due to usage of org.codehaus.plexus:plexus-utils:2.0.6
- DepShield encountered errors while building your project
- Unable to provision, see the following errors: HOT 2
- Migrate LGTM.com installation from OAuth to GitHub App HOT 1
- notifier.system-tray.wait ignored
- mosquitto support HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from maven-notifier.