maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Wilkins (JIRA)" <j...@codehaus.org>
Subject [jira] Created: (MNG-4928) mvn --encrypt-master-password is insecure
Date Wed, 08 Dec 2010 11:40:57 GMT
mvn --encrypt-master-password is insecure
-----------------------------------------

                 Key: MNG-4928
                 URL: http://jira.codehaus.org/browse/MNG-4928
             Project: Maven 2 & 3
          Issue Type: Bug
          Components: Command Line
    Affects Versions: 3.0.1, 3.0, 2.2.1
            Reporter: Greg Wilkins


gregw@Brick: ~
[506] mvn --encrypt-master-password something-very-very-secret
{zfC2klZItekHCPGwE+R0JZ2+RjyDlqxP343ThV0R3B5taWEHbI5t+QGfXOZ0mq9j}

gregw@Brick: ~
[507] history 2
  506  mvn --encrypt-master-password something-very-very-secret
  507  history 2

commands that take passwords should not accept them from the command line, as they are then
visible in history and even in some PS output. They should prompt for passwords with echo
turned off.






-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message