You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by ji...@codehaus.org on 2004/10/07 22:48:53 UTC
[jira] Updated: (MAVEN-1457) Security: Do not show http password when downloading
The following issue has been updated:
Updater: Brett Porter (mailto:brett@codehaus.org)
Date: Thu, 7 Oct 2004 4:47 PM
Changes:
Fix Version changed to 1.0.1
---------------------------------------------------------------------
For a full history of the issue, see:
http://jira.codehaus.org/browse/MAVEN-1457?page=history
---------------------------------------------------------------------
View the issue:
http://jira.codehaus.org/browse/MAVEN-1457
Here is an overview of the issue:
---------------------------------------------------------------------
Key: MAVEN-1457
Summary: Security: Do not show http password when downloading
Type: Bug
Status: Unassigned
Priority: Major
Original Estimate: 4 hours
Time Spent: Unknown
Remaining: 4 hours
Project: maven
Fix Fors:
1.0.1
Versions:
1.0
Assignee:
Reporter: Martin Skopp
Created: Thu, 7 Oct 2004 7:57 AM
Updated: Thu, 7 Oct 2004 4:47 PM
Environment: linux, java 1.4
Description:
When a maven repo is defined with http user/password in the url, maven displays the password on the console.
E.g. set
maven.repo.remote=http://user:pass@my.host.org/maven
then you'll see user:pass also in the stdout on the cli.
Could be a security issue - better do not display the password.
---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org