![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Assignee:
|
Unassigned |
|
Components:
|
properties |
|
Created:
|
16/Jul/13 5:29 AM
|
|
Description:
|
The properties:write-project-properties goal writes all properties to a file, including those in settings.
Someone unsuspecting could build a project and publish it somewhere, while it would carry a file with his passwords from settings.xml, which typically contains passwords for deployment, SCMs etc.
That could be a threat, IMO.
Can the properties from settings.xml be differentiated, and ommited by default?
If not, could some list of property names regex patterns be used? Like,
^project\..*
|
|
Project:
|
Mojo
|
|
Priority:
|
![Critical]() Critical
|
|
Reporter:
|
Ondrej Zizka
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
