You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Robert Scholte (JIRA)" <ji...@codehaus.org> on 2013/05/27 23:23:52 UTC
[jira] (MDEPLOY-129) Need a way to specify repository credentials
securely for deploy operations
[ https://jira.codehaus.org/browse/MDEPLOY-129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Scholte closed MDEPLOY-129.
----------------------------------
Resolution: Cannot Reproduce
Assignee: Robert Scholte
The quote that encrypted passwords are not supported by Maven could be found here:
http://maven.apache.org/plugins-archives/maven-deploy-plugin-2.5/usage.html
For next versions of the maven-deploy-plugin this has been rewritten, so it is not an issue anymore.
> Need a way to specify repository credentials securely for deploy operations
> ---------------------------------------------------------------------------
>
> Key: MDEPLOY-129
> URL: https://jira.codehaus.org/browse/MDEPLOY-129
> Project: Maven 2.x and 3.x Deploy Plugin
> Issue Type: Improvement
> Components: deploy:deploy-file
> Affects Versions: 2.4, 2.5
> Environment: All
> Reporter: Rick Herrick
> Assignee: Robert Scholte
> Priority: Minor
> Labels: contributers-welcome, documentation
>
> Currently, credentials for performing a deployment must be specified in the settings.xml. However, if a Maven repository is set to use LDAP for its authentication mechanism, this means exposing domain security credentials in plaintext in a static file on the hard drive and is _extremely_ insecure (as specified in the documentation: "Unfortunately, Maven doesn't currently support hashed or encrypted passwords in the settings.xml"). This is simply not workable in a secure environment, e.g. government, defense, financial, etc.
> Instead there should be an option to provide these credentials on the command line or using hash or encryption algorithms.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira