You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "JQ (JIRA)" <ji...@apache.org> on 2015/04/10 23:31:12 UTC
[jira] [Commented] (SCM-764) username and credentials shown as INFO
on commadline
[ https://issues.apache.org/jira/browse/SCM-764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14490399#comment-14490399 ]
JQ commented on SCM-764:
------------------------
Hello,
The username and password are still being included in 1.9.4 when jgit is being used as the git provider:
{code}
build 10-Apr-2015 14:04:46 [DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-scm-plugin:1.9.4:tag' with basic configurator -->
build 10-Apr-2015 14:04:46 [DEBUG] (f) addTimestamp = false
build 10-Apr-2015 14:04:46 [DEBUG] (f) basedir = /path/to/build/directory
build 10-Apr-2015 14:04:46 [DEBUG] (f) connectionType = connection
build 10-Apr-2015 14:04:46 [DEBUG] (s) connectionUrl = scm:git:https://host.address/scm/repo/repo.git
build 10-Apr-2015 14:04:46 [DEBUG] (f) developerConnectionUrl = scm:git:https://host.address/scm/repo/repo.git
build 10-Apr-2015 14:04:46 [DEBUG] (f) providerImplementations = {git=jgit}
build 10-Apr-2015 14:04:46 [DEBUG] (f) pushChanges = true
build 10-Apr-2015 14:04:46 [DEBUG] (f) remoteTagging = true
build 10-Apr-2015 14:04:46 [DEBUG] (f) settings = org.apache.maven.execution.SettingsAdapter@213b0eef
build 10-Apr-2015 14:04:46 [DEBUG] (f) tag = blah-0.0.99-24
build 10-Apr-2015 14:04:46 [DEBUG] (f) timestampFormat = yyyyMMddHHmmss
build 10-Apr-2015 14:04:46 [DEBUG] (f) timestampPosition = end
build 10-Apr-2015 14:04:46 [DEBUG] (f) timestampPrefix = -
build 10-Apr-2015 14:04:46 [DEBUG] -- end configuration --
build 10-Apr-2015 14:04:46 [INFO] Change the default 'git' provider implementation to 'jgit'.
build 10-Apr-2015 14:04:46 [INFO] Final Tag Name: 'blah-0.0.99-24'
build 10-Apr-2015 14:04:47 [INFO] push tag [blah-0.0.99-24] to remote...
build 10-Apr-2015 14:04:47 [INFO] fetch url: https://foo:whoathere!@host.address/scm/repo/repo.git
build 10-Apr-2015 14:04:47 [INFO] push url: https://foo:whoathere!@host.address/scm/repo/repo.git
build 10-Apr-2015 14:04:48 [INFO] OK - RemoteRefUpdate[remoteName=refs/tags/blah-0.0.99-24, OK, (null)...a273fcdfa66fdcb925434fa6767038242d53d20d, fastForward, srcRef=refs/tags/blah-0.0.99-24, message=null]
{code}
> username and credentials shown as INFO on commadline
> ----------------------------------------------------
>
> Key: SCM-764
> URL: https://issues.apache.org/jira/browse/SCM-764
> Project: Maven SCM
> Issue Type: Bug
> Components: maven-scm-provider-git
> Environment: Apache Maven 3.2.1 (ea8b2b07643dbb1b84b6d16e1f08391b666bc1e9; 2014-02-14T18:37:52+01:00)
> Maven home: D:\Dev\maven\apache-maven-3.2.1
> Java version: 1.7.0_51, vendor: Oracle Corporation
> Java home: D:\Dev\Java\jdk7_51_x64\jre
> Default locale: de_DE, platform encoding: Cp1252
> OS name: "windows 7", version: "6.1", arch: "amd64", family: "windows"
> Reporter: Thomas Wabner
> Assignee: Olivier Lamy (*$^¨%`£)
> Fix For: 1.9.4
>
>
> Using git repository with gitblit on HTTPS.
> Every git command which involve the remote repository (like fetch, pull, push and so on) showing the username and credentials on the commandline like this:
> [INFO] Executing: cmd.exe /X /C "git push https://user:secret@devserver/gitblit//r/waffel/devopts.git test-branch"
> It should be avoided to ever print out passwords on the command line. I have encrypted the password in maven settings.xml ... but now it comes back and anybody can see them (also on a continues build server which should push with a dedicated user to a central repo).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)