maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brett Porter (JIRA)" <>
Subject [jira] Updated: (MNG-553) Secure Storage of Server Passwords
Date Wed, 04 Mar 2009 14:47:14 GMT


Brett Porter updated MNG-553:

    Issue Type: New Feature  (was: Improvement)

> Secure Storage of Server Passwords
> ----------------------------------
>                 Key: MNG-553
>                 URL:
>             Project: Maven 2
>          Issue Type: New Feature
>          Components: Settings
>    Affects Versions: 2.0-alpha-3
>         Environment: Although it may not be relevant since this is a general improvement
issue, Windows XP, JDK 1.4.1.
>            Reporter: J. Michael McGarr
>            Assignee: Oleg Gusakov
>            Priority: Critical
>             Fix For: 2.1.0, 3.0-alpha-3
>         Attachments: MNG-553.patch
> This was a question pose to the Maven User's Group and it was suggested I add it here.
> It would be benefitial to provide a more secure means of storing password's to the servers
listed in the .m2/settings.xml.  They are currently being stored as plain text and could definately
be considered a security breach.  Numerous organizations would undoubtedly considered this
an unacceptable security risk, and this could prevent widespread adoption of Maven2.
> I would suggest leaving an option to encrypt the password into the settings file (more
secure, but not foolproof) or even requiring the password to be manually provided per build
(would prevent automation of builds).  I am sure that there is a secure solution to this problem
and it should be part of the 2.0 release.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message