svn commit: r1737714 - /maven/site/trunk/content/apt/guides/mini/guide-encryption.apt

[kh...@apache.org]

Author: khmarbaise
Date: Mon Apr  4 18:16:15 2016
New Revision: 1737714

URL: http://svn.apache.org/viewvc?rev=1737714&view=rev
Log:
Improved recommendation about using password prompting

Modified:
    maven/site/trunk/content/apt/guides/mini/guide-encryption.apt

Modified: maven/site/trunk/content/apt/guides/mini/guide-encryption.apt
URL: http://svn.apache.org/viewvc/maven/site/trunk/content/apt/guides/mini/guide-encryption.apt?rev=1737714&r1=1737713&r2=1737714&view=diff
==============================================================================
--- maven/site/trunk/content/apt/guides/mini/guide-encryption.apt (original)
+++ maven/site/trunk/content/apt/guides/mini/guide-encryption.apt Mon Apr  4 18:16:15 2016
@@ -74,8 +74,7 @@
 mvn --encrypt-master-password <password>
 +------------------------------------+
 
- <Note:> Since Maven 3.2.1 the password is an optional argument. If not provided, Maven will prompt for the password. 
-         Earlier versions of Maven will not prompt for a password, so it must be typed on the command-line in plaintext. See {{{Tips}Tips}} below for more information.
+ <Note:> Since Maven 3.2.1 the password argument should no longer be used (see {{{Tips}Tips}} below for more information). Maven will prompt for the password. Earlier versions of Maven will not prompt for a password, so it must be typed on the command-line in plaintext.
 
  This command will produce an encrypted version of the password, something like
 
@@ -101,8 +100,8 @@ mvn --encrypt-master-password <password>
 mvn --encrypt-password <password>
 +------------------------------------+
 
-  <Note:>Just like <<<--encrypt-master-password>>> the password argument is optional since Maven 3.2.1.
-  
+  <Note:>Just like <<<--encrypt-master-password>>> the password argument should no longer be used since Maven 3.2.1 (see {{{Tips}Tips below for more information.}}).
+
   This command will produce an encrypted version of it, something like
 
 +------------------------------------+
@@ -244,15 +243,16 @@ mvn.bat --encrypt-master-password "a!$%^
 
 ** Prompting for Password
 
-  In Maven before version 3.2.1 you have to give the password on command line which
-  means you might need to escape your password etc. and might cause problems
-  related to the history funcitonality of your command line processor.
-
-  Starting with Maven 3.2.1 the password is an optional argument which means if you omit
-  the password you will be prompted for the password which can prevent many problems
-  with escaping the password and history issues as well. 
-
-  So we strongly recomment to use Maven 3.2.1 and above to prevent problems with 
-  escaping special characters and of course security issues related to bash
-  history or environment issues in relationship with the password.
-
+  In Maven before version 3.2.1 you have to give the password on command line as
+  argument which means you might need to escape your password. In addition
+  usually the shell stores the full history of commands you have entered,
+  therefore anyone with access to your computer could restore the password from
+  the shell`s history.
+
+  Starting with Maven 3.2.1 the password is an optional argument which means if
+  you omit the password you will be prompted for it which prevents all the issues
+  mentioned above.
+
+  Therefore we strongly recommend to use Maven 3.2.1 and above to prevent
+  problems with escaping special characters and of course security issues related
+  to bash history or environment issues in relationship with the password.