[ http://jira.codehaus.org/browse/MNG-553?page=all ]
Brett Porter updated MNG-553:
-----------------------------
Fix Version: (was: 2.0-beta-3)
2.1
> Secure Storage of Server Passwords
> ----------------------------------
>
> Key: MNG-553
> URL: http://jira.codehaus.org/browse/MNG-553
> Project: Maven 2
> Type: Improvement
> Versions: 2.0-alpha-3
> Environment: Although it may not be relevant since this is a general
> improvement issue, Windows XP, JDK 1.4.1.
> Reporter: J. Michael McGarr
> Priority: Minor
> Fix For: 2.1
>
>
> This was a question pose to the Maven User's Group and it was suggested I add
> it here.
> It would be benefitial to provide a more secure means of storing password's
> to the servers listed in the .m2/settings.xml. They are currently being
> stored as plain text and could definately be considered a security breach.
> Numerous organizations would undoubtedly considered this an unacceptable
> security risk, and this could prevent widespread adoption of Maven2.
> I would suggest leaving an option to encrypt the password into the settings
> file (more secure, but not foolproof) or even requiring the password to be
> manually provided per build (would prevent automation of builds). I am sure
> that there is a secure solution to this problem and it should be part of the
> 2.0 release.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
