You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Julien Nicoulaud (JIRA)" <ji...@codehaus.org> on 2010/09/27 23:20:32 UTC
[jira] Commented: (MNG-4099) Password encryption CLI switches
should prompt for password if missing
[ http://jira.codehaus.org/browse/MNG-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=236639#action_236639 ]
Julien Nicoulaud commented on MNG-4099:
---------------------------------------
It is a security issue too, passing passwords in the command line is not secure as one could browse shell history afterwards. Most commands such as ssh do not allow it.
> Password encryption CLI switches should prompt for password if missing
> ----------------------------------------------------------------------
>
> Key: MNG-4099
> URL: http://jira.codehaus.org/browse/MNG-4099
> Project: Maven 2 & 3
> Issue Type: Improvement
> Components: Command Line
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Priority: Trivial
> Fix For: 3.x / Backlog
>
>
> The -emp and -ep CLI switches should prompt for a password if the user omits it. This would help to avoid having to escape shell characters in strong passwords.
> Note that the docs mention that these switches prompt for a password when they do not:
> http://maven.apache.org/guides/mini/guide-encryption.html
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira