You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christian K. (JIRA)" <ji...@apache.org> on 2016/04/05 13:39:25 UTC
[jira] [Updated] (MJAVADOC-447) Command line dump reveals proxy
user/password in case of errors
[ https://issues.apache.org/jira/browse/MJAVADOC-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christian K. updated MJAVADOC-447:
----------------------------------
Fix Version/s: (was: 2.4)
> Command line dump reveals proxy user/password in case of errors
> ---------------------------------------------------------------
>
> Key: MJAVADOC-447
> URL: https://issues.apache.org/jira/browse/MJAVADOC-447
> Project: Maven Javadoc Plugin
> Issue Type: Improvement
> Environment: Maven version: 2.0.7 Java version: 1.4.2 OS name: "windows xp" version: "5.1" arch: "x86"
> Reporter: Christian K.
> Assignee: Siveton Vincent
> Priority: Minor
>
> If http proxy is set, in case of error calling javadoc, the whole command line call is dumped out on console.
> This can reveal sensible information about personal proxy settings (user and password) which are passed
> via -J-Dhttp.proxyUser= and -J-Dhttp.proxyPassword= arguments to the javadoc executable.
> For example:
> Command line was:"C:\Program Files\IBM\WebSphere\AppServer\java\jre\..\bin\javadoc.exe" -J-DproxyHost=urlofmyproxy -J-DproxyPort=8080 -J-Dhttp.proxySet=true -J-Dhttp.proxyHost=urlofmyproxy -J-Dhttp.proxyPort=8080 -J-Dhttp.nonProxyHosts="myinternalrepo" -J-Dhttp.proxyUser="FOO" -J-Dhttp.proxyPassword="BAR" @options @packages
> If this can be an issue, consider hiding these values in the dump.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)