You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@maven.apache.org by ji...@codehaus.org on 2004/10/07 13:58:58 UTC

[jira] Created: (MAVEN-1457) Security: Do not show http password when downloading

Message:

  A new issue has been created in JIRA.

---------------------------------------------------------------------
View the issue:
  http://jira.codehaus.org/browse/MAVEN-1457

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: MAVEN-1457
    Summary: Security: Do not show http password when downloading
       Type: Bug

     Status: Unassigned
   Priority: Major

 Original Estimate: 4 hours
 Time Spent: Unknown
  Remaining: 4 hours

    Project: maven
   Versions:
             1.0

   Assignee: 
   Reporter: Martin Skopp

    Created: Thu, 7 Oct 2004 7:57 AM
    Updated: Thu, 7 Oct 2004 7:57 AM
Environment: linux, java 1.4

Description:
When a maven repo is defined with http user/password in the url, maven displays the password on the console.
E.g. set

maven.repo.remote=http://user:pass@my.host.org/maven

then you'll see user:pass also in the stdout on the cli.

Could be a security issue - better do not display the password.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org

[jira] Closed: (MAVEN-1457) Security: Do not show http password when downloading

Posted by ji...@codehaus.org.

Message:

   The following issue has been closed.

---------------------------------------------------------------------
View the issue:
  http://jira.codehaus.org/browse/MAVEN-1457

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: MAVEN-1457
    Summary: Security: Do not show http password when downloading
       Type: Bug

     Status: Closed
   Priority: Major
 Resolution: FIXED

 Original Estimate: 4 hours
 Time Spent: Unknown
  Remaining: 4 hours

    Project: maven
   Fix Fors:
             1.0.1
   Versions:
             1.0

   Assignee: 
   Reporter: Martin Skopp

    Created: Thu, 7 Oct 2004 7:57 AM
    Updated: Thu, 4 Nov 2004 5:55 AM
Environment: linux, java 1.4

Description:
When a maven repo is defined with http user/password in the url, maven displays the password on the console.
E.g. set

maven.repo.remote=http://user:pass@my.host.org/maven

then you'll see user:pass also in the stdout on the cli.

Could be a security issue - better do not display the password.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org

[jira] Updated: (MAVEN-1457) Security: Do not show http password when downloading

Posted by ji...@codehaus.org.

The following issue has been updated:

    Updater: Brett Porter (mailto:brett@codehaus.org)
       Date: Thu, 7 Oct 2004 4:47 PM
    Changes:
             Fix Version changed to 1.0.1
    ---------------------------------------------------------------------
For a full history of the issue, see:

  http://jira.codehaus.org/browse/MAVEN-1457?page=history

---------------------------------------------------------------------
View the issue:
  http://jira.codehaus.org/browse/MAVEN-1457

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: MAVEN-1457
    Summary: Security: Do not show http password when downloading
       Type: Bug

     Status: Unassigned
   Priority: Major

 Original Estimate: 4 hours
 Time Spent: Unknown
  Remaining: 4 hours

    Project: maven
   Fix Fors:
             1.0.1
   Versions:
             1.0

   Assignee: 
   Reporter: Martin Skopp

    Created: Thu, 7 Oct 2004 7:57 AM
    Updated: Thu, 7 Oct 2004 4:47 PM
Environment: linux, java 1.4

Description:
When a maven repo is defined with http user/password in the url, maven displays the password on the console.
E.g. set

maven.repo.remote=http://user:pass@my.host.org/maven

then you'll see user:pass also in the stdout on the cli.

Could be a security issue - better do not display the password.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org