You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christian K. (JIRA)" <ji...@apache.org> on 2016/04/05 13:38:25 UTC
[jira] [Created] (MJAVADOC-447) Command line dump reveals proxy
user/password in case of errors
Christian K. created MJAVADOC-447:
-------------------------------------
Summary: Command line dump reveals proxy user/password in case of errors
Key: MJAVADOC-447
URL: https://issues.apache.org/jira/browse/MJAVADOC-447
Project: Maven Javadoc Plugin
Issue Type: Improvement
Environment: Maven version: 2.0.7 Java version: 1.4.2 OS name: "windows xp" version: "5.1" arch: "x86"
Reporter: Christian K.
Assignee: Siveton Vincent
Priority: Minor
Fix For: 2.4
If http proxy is set, in case of error calling javadoc, the whole command line call is dumped out on console.
This can reveal sensible information about personal proxy settings (user and password) which are passed
via -J-Dhttp.proxyUser= and -J-Dhttp.proxyPassword= arguments to the javadoc executable.
For example:
Command line was:"C:\Program Files\IBM\WebSphere\AppServer\java\jre\..\bin\javadoc.exe" -J-DproxyHost=urlofmyproxy -J-DproxyPort=8080 -J-Dhttp.proxySet=true -J-Dhttp.proxyHost=urlofmyproxy -J-Dhttp.proxyPort=8080 -J-Dhttp.nonProxyHosts="myinternalrepo" -J-Dhttp.proxyUser="FOO" -J-Dhttp.proxyPassword="BAR" @options @packages
If this can be an issue, consider hiding these values in the dump.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)