You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Brett Porter (JIRA)" <ji...@codehaus.org> on 2010/12/08 13:48:58 UTC

[jira] Closed: (MNG-4928) mvn --encrypt-master-password is insecure

     [ http://jira.codehaus.org/browse/MNG-4928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brett Porter closed MNG-4928.
-----------------------------

    Resolution: Duplicate
      Assignee: Brett Porter

> mvn --encrypt-master-password is insecure
> -----------------------------------------
>
>                 Key: MNG-4928
>                 URL: http://jira.codehaus.org/browse/MNG-4928
>             Project: Maven 2 & 3
>          Issue Type: Bug
>          Components: Command Line
>    Affects Versions: 2.2.1, 3.0, 3.0.1
>            Reporter: Greg Wilkins
>            Assignee: Brett Porter
>
> gregw@Brick: ~
> [506] mvn --encrypt-master-password something-very-very-secret
> {zfC2klZItekHCPGwE+R0JZ2+RjyDlqxP343ThV0R3B5taWEHbI5t+QGfXOZ0mq9j}
> gregw@Brick: ~
> [507] history 2
>   506  mvn --encrypt-master-password something-very-very-secret
>   507  history 2
> commands that take passwords should not accept them from the command line, as they are then visible in history and even in some PS output. They should prompt for passwords with echo turned off.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira