maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konrad Windszus (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MNG-4099) Password encryption CLI switches should prompt for password if missing
Date Mon, 04 Apr 2016 18:11:25 GMT

    [ https://issues.apache.org/jira/browse/MNG-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15224688#comment-15224688
] 

Konrad Windszus commented on MNG-4099:
--------------------------------------

Minor improvement for the tips section

Instead of 
{quote}
Prompting for Password

In Maven before version 3.2.1 you have to give the password on command line which means you
might need to escape your password etc. and might cause problems related to the history funcitonality
of your command line processor.

Starting with Maven 3.2.1 the password is an optional argument which means if you omit the
password you will be prompted for the password which can prevent many problems with escaping
the password and history issues as well.

So we strongly recomment to use Maven 3.2.1 and above to prevent problems with escaping special
characters and of course security issues related to bash history or environment issues in
relationship with the password.
{quote}

I would rather say
{quote}
Prompting for Password

In Maven before version 3.2.1 you have to give the password on command line as argument which
means you might need to escape your password. In addition usually the shell stores the full
history of commands you have entered, therefore anyone with access to your computer could
restore the password from the shell`s history.

Starting with Maven 3.2.1 the password is an optional argument which means if you omit the
password you will be prompted for it which prevents all the issues mentioned above.

Therefore we strongly recommend to use Maven 3.2.1 and above to prevent problems with escaping
special characters and of course security issues related to bash history or environment issues
in relationship with the password.
{quote}

> Password encryption CLI switches should prompt for password if missing
> ----------------------------------------------------------------------
>
>                 Key: MNG-4099
>                 URL: https://issues.apache.org/jira/browse/MNG-4099
>             Project: Maven
>          Issue Type: Improvement
>          Components: Command Line
>    Affects Versions: 2.1.0
>            Reporter: Mark Hobson
>            Assignee: Robert Scholte
>            Priority: Trivial
>             Fix For: 3.2.1
>
>
> The -emp and -ep CLI switches should prompt for a password if the user omits it.  This
would help to avoid having to escape shell characters in strong passwords.
> Note that the docs mention that these switches prompt for a password when they do not:
> http://maven.apache.org/guides/mini/guide-encryption.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message