You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by kh...@apache.org on 2016/04/04 20:16:15 UTC
svn commit: r1737714 -
/maven/site/trunk/content/apt/guides/mini/guide-encryption.apt
Author: khmarbaise
Date: Mon Apr 4 18:16:15 2016
New Revision: 1737714
URL: http://svn.apache.org/viewvc?rev=1737714&view=rev
Log:
Improved recommendation about using password prompting
Modified:
maven/site/trunk/content/apt/guides/mini/guide-encryption.apt
Modified: maven/site/trunk/content/apt/guides/mini/guide-encryption.apt
URL: http://svn.apache.org/viewvc/maven/site/trunk/content/apt/guides/mini/guide-encryption.apt?rev=1737714&r1=1737713&r2=1737714&view=diff
==============================================================================
--- maven/site/trunk/content/apt/guides/mini/guide-encryption.apt (original)
+++ maven/site/trunk/content/apt/guides/mini/guide-encryption.apt Mon Apr 4 18:16:15 2016
@@ -74,8 +74,7 @@
mvn --encrypt-master-password <password>
+------------------------------------+
- <Note:> Since Maven 3.2.1 the password is an optional argument. If not provided, Maven will prompt for the password.
- Earlier versions of Maven will not prompt for a password, so it must be typed on the command-line in plaintext. See {{{Tips}Tips}} below for more information.
+ <Note:> Since Maven 3.2.1 the password argument should no longer be used (see {{{Tips}Tips}} below for more information). Maven will prompt for the password. Earlier versions of Maven will not prompt for a password, so it must be typed on the command-line in plaintext.
This command will produce an encrypted version of the password, something like
@@ -101,8 +100,8 @@ mvn --encrypt-master-password <password>
mvn --encrypt-password <password>
+------------------------------------+
- <Note:>Just like <<<--encrypt-master-password>>> the password argument is optional since Maven 3.2.1.
-
+ <Note:>Just like <<<--encrypt-master-password>>> the password argument should no longer be used since Maven 3.2.1 (see {{{Tips}Tips below for more information.}}).
+
This command will produce an encrypted version of it, something like
+------------------------------------+
@@ -244,15 +243,16 @@ mvn.bat --encrypt-master-password "a!$%^
** Prompting for Password
- In Maven before version 3.2.1 you have to give the password on command line which
- means you might need to escape your password etc. and might cause problems
- related to the history funcitonality of your command line processor.
-
- Starting with Maven 3.2.1 the password is an optional argument which means if you omit
- the password you will be prompted for the password which can prevent many problems
- with escaping the password and history issues as well.
-
- So we strongly recomment to use Maven 3.2.1 and above to prevent problems with
- escaping special characters and of course security issues related to bash
- history or environment issues in relationship with the password.
-
+ In Maven before version 3.2.1 you have to give the password on command line as
+ argument which means you might need to escape your password. In addition
+ usually the shell stores the full history of commands you have entered,
+ therefore anyone with access to your computer could restore the password from
+ the shell`s history.
+
+ Starting with Maven 3.2.1 the password is an optional argument which means if
+ you omit the password you will be prompted for it which prevents all the issues
+ mentioned above.
+
+ Therefore we strongly recommend to use Maven 3.2.1 and above to prevent
+ problems with escaping special characters and of course security issues related
+ to bash history or environment issues in relationship with the password.