You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Mark Hobson (JIRA)" <ji...@codehaus.org> on 2009/03/11 12:50:13 UTC
[jira] Created: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Encryption is triggered if passwords merely contain curly braces
----------------------------------------------------------------
Key: MNG-4082
URL: http://jira.codehaus.org/browse/MNG-4082
Project: Maven 2
Issue Type: Bug
Components: Settings
Affects Versions: 2.1.0
Reporter: Mark Hobson
>From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by John Casey <jd...@commonjava.org>.
yeah, I'll take a look at this.
Brett Porter wrote:
> 2009/4/27 John Casey (JIRA) <ji...@codehaus.org>
>
>> [
>> http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=174313#action_174313]
>>
>> John Casey commented on MNG-4082:
>> ---------------------------------
>>
>> This has been implemented in plexus-cipher 1.4-SNAPSHOT, which is a
>> dependency of plexus-sec-dispatcher 1.3-SNAPSHOT. I'll release both of these
>> before we start pulling together the Maven 2.1.1 release.
>
>
> While you are there, can you:
> - add the license to the POMs and artifacts
> - make sure the POM's contain a reference to the project information (They
> point to non-existent forge.sonatype.com)
> - add a reference to the project's issue tracking to the POM.
>
> Thanks,
> Brett
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by Brett Porter <br...@apache.org>.
2009/4/27 John Casey (JIRA) <ji...@codehaus.org>
>
> [
> http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=174313#action_174313]
>
> John Casey commented on MNG-4082:
> ---------------------------------
>
> This has been implemented in plexus-cipher 1.4-SNAPSHOT, which is a
> dependency of plexus-sec-dispatcher 1.3-SNAPSHOT. I'll release both of these
> before we start pulling together the Maven 2.1.1 release.
While you are there, can you:
- add the license to the POMs and artifacts
- make sure the POM's contain a reference to the project information (They
point to non-existent forge.sonatype.com)
- add a reference to the project's issue tracking to the POM.
Thanks,
Brett
--
Brett Porter
http://blogs.exist.com/bporter/
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Mark Hobson (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=170399#action_170399 ]
Mark Hobson commented on MNG-4082:
----------------------------------
Just trying password encryption to workaround this issue but am having problems. Perhaps it'd be worth supporting an escaped syntax of \{ to allow curly braces to still be used in clear text passwords?
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Issue Comment Edited: (MNG-4082) Encryption is triggered if
passwords merely contain curly braces
Posted by "Mark Hobson (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=170399#action_170399 ]
Mark Hobson edited comment on MNG-4082 at 3/20/09 6:48 AM:
-----------------------------------------------------------
Just trying password encryption to workaround this issue but am having problems. Perhaps it'd be worth supporting an escaped syntax of backslash-curly-brace to allow curly braces to still be used in clear text passwords?
was (Author: mihobson):
Just trying password encryption to workaround this issue but am having problems. Perhaps it'd be worth supporting an escaped syntax of \{ to allow curly braces to still be used in clear text passwords?
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=170444#action_170444 ]
Oleg Gusakov commented on MNG-4082:
-----------------------------------
We are so close to 2.1.0 release that I'd rather not change anything short of a regression.
Maybe you can re-issue this password? That will buy me some time to fix this long term .. :)
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Mark Hobson (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=170453#action_170453 ]
Mark Hobson commented on MNG-4082:
----------------------------------
Sure, no rush for 2.1.0; I got password encryption working in the end. Do you want me to raise another issue for escaping curly braces or to reopen and rename this one?
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Reopened: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Gusakov reopened MNG-4082:
-------------------------------
reopen to fix curly brackets in the clear text passwords
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Mark Hobson (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=168913#action_168913 ]
Mark Hobson commented on MNG-4082:
----------------------------------
Right, I see, no worries then. Feel free to close this issue down then thanks.
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "John Casey (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=174313#action_174313 ]
John Casey commented on MNG-4082:
---------------------------------
This has been implemented in plexus-cipher 1.4-SNAPSHOT, which is a dependency of plexus-sec-dispatcher 1.3-SNAPSHOT. I'll release both of these before we start pulling together the Maven 2.1.1 release.
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: John Casey
> Fix For: 2.1.1
>
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=168904#action_168904 ]
Oleg Gusakov commented on MNG-4082:
-----------------------------------
This is a correct assumption.
Can you encrypt the password? Use http://maven.apache.org/guides/mini/guide-encryption.html to create master password, then encrypt this one.
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=168917#action_168917 ]
Oleg Gusakov commented on MNG-4082:
-----------------------------------
clarified docs in r752527
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Issue Comment Edited: (MNG-4082) Encryption is triggered if
passwords merely contain curly braces
Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=168911#action_168911 ]
Oleg Gusakov edited comment on MNG-4082 at 3/11/09 11:35 AM:
-------------------------------------------------------------
This was done by intention: so that security dispatcher or user can comment the password: "this password was set on 2009-03-11 and expires .. {COQLCE6DU6GtcS5P=}" and/or add additional information to be processed by the dispatcher
This all resulted from the the discussion last year - http://docs.codehaus.org/display/MAVEN/Secured+Passwords
was (Author: olle):
This was done by intention: so that security dispatcher or user can comment the password: "this password was set on 2009-03-11 and expires .. {COQLCE6DU6GtcS5P=}" and/or add additional information to be processed by the dispatcher
This all resulted the the discussion last year - http://docs.codehaus.org/display/MAVEN/Secured+Passwords
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated MNG-4082:
------------------------------
Fix Version/s: 2.1.1
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
> Fix For: 2.1.1
>
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=168911#action_168911 ]
Oleg Gusakov commented on MNG-4082:
-----------------------------------
This was done by intention: so that security dispatcher or user can comment the password: "this password was set on 2009-03-11 and expires .. {COQLCE6DU6GtcS5P=}" and/or add additional information to be processed by the dispatcher
This all resulted the the discussion last year - http://docs.codehaus.org/display/MAVEN/Secured+Passwords
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Oleg Gusakov (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Gusakov closed MNG-4082.
-----------------------------
Resolution: Not A Bug
Looks like a misunderstanding. I will make documentation clearer on this subject.
Thank you Mark!
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: Oleg Gusakov
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "John Casey (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Casey closed MNG-4082.
---------------------------
Resolution: Fixed
escape character is '\'. See http://maven.apache.org/guides/mini/guide-encryption.html#Tips for more (once this is deployed to the public website).
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
> Assignee: John Casey
> Fix For: 2.2.0
>
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MNG-4082) Encryption is triggered if passwords
merely contain curly braces
Posted by "Mark Hobson (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MNG-4082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=168907#action_168907 ]
Mark Hobson commented on MNG-4082:
----------------------------------
Even if the password is something like: "foo{bar}"? When are curly braces used for encrypted passwords if they don't explicitly start and end the password?
I will try to encrypt the password, but it'd be good if this wasn't necessary.
> Encryption is triggered if passwords merely contain curly braces
> ----------------------------------------------------------------
>
> Key: MNG-4082
> URL: http://jira.codehaus.org/browse/MNG-4082
> Project: Maven 2
> Issue Type: Bug
> Components: Settings
> Affects Versions: 2.1.0
> Reporter: Mark Hobson
>
> From what I gather, the syntax for encrypted passwords is "{...}", but encryption is also triggered for passwords containing curly braces.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira