Maven安全问题 [英] Maven Security Concerns

问题描述

使用Maven是否存在安全问题?今天，我将Ant用于主要项目，但将Maven用于编写程序尖峰的示例"项目.我确实喜欢Maven的某些部分，但担心要通过该工具下载我的jar.这是没有根据的担心吗? "http://repo1.maven.org/maven2/"的安全性如何?有使用该工具的更安全方法吗?

Are there security concerns with using Maven? I use Ant today for my main project, but I do use Maven for my "samples" project where I write program spikes. I do like some parts of Maven, but have a concern with downloading my jars through the tool. Is this an unfounded concern? How secure is "http://repo1.maven.org/maven2/"? Is there a more secure way of using the tool?

谢谢.

推荐答案

这是非常安全和标准的.如果 http://repo1.maven.org/maven2/的安全性受到损害，将会对Java开发人员有很大的影响.我从没听说过这个网站被黑了.

It's pretty secure and standard. If ever the security of http://repo1.maven.org/maven2/ is compromised, there will have big repercussion in Java devs. I never heard that this site is hacked.

也就是说，您不受默认存储库的限制.您可以使用 Nexus ，此处，也许

That said, you are not bounded by default repository. You can configure your own repository using Nexus, Artifactory and install safe artifacts manually to them. You may also block remote repositories using Nexus/Artifactory setting. Although, I never needed to do this. But look here, perhaps it's possible.

请注意，您必须阻止本地存储库才能使用"repo1"，否则本地存储库将默认从那里下载工件.

Please note that you will have to block your local repository to use "repo1", else the local repository will download artifacts from there by default.

编辑1 :添加了缺少的链接

这篇关于Maven安全问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！