You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2022/01/10 11:16:00 UTC

[jira] [Comment Edited] (MNG-5512) Deploy uses passwords that failed decryption; retries even if login fails

    [ https://issues.apache.org/jira/browse/MNG-5512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17471888#comment-17471888 ] 

Michael Osipov edited comment on MNG-5512 at 1/10/22, 11:15 AM:
----------------------------------------------------------------

Yes, but should immediately fail the build. I agree, but both aren't related. Let me check the code statically whether decryption fails the build.


was (Author: michael-o):
Yes, but should immediately fail the build. I agree, but both aren't related.

> Deploy uses passwords that failed decryption; retries even if login fails
> -------------------------------------------------------------------------
>
>                 Key: MNG-5512
>                 URL: https://issues.apache.org/jira/browse/MNG-5512
>             Project: Maven
>          Issue Type: Bug
>            Reporter: Sebb
>            Priority: Major
>             Fix For: waiting-for-feedback
>
>         Attachments: mng5512.zip
>
>
> [See MDEPLOY-130 which was closed as being an issue in Maven core]
> If passwords have been encrypted, deploy fails to notice if the password decryption failed.
> Furthermore, it carries on trying to login even after a login failure.
> This is true even if the decryption succeeded but the password was incorrect or no encryption was used and the password is incorrect.
> This is bad as it can result in lockout due to the multiple failed logins - deploy needs to login several times - and may cause unnecessary work for system admins.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)