[
https://issues.apache.org/jira/browse/MJAVADOC-447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17957806#comment-17957806
]
Olivier Lamy commented on MJAVADOC-447:
---------------------------------------
This project has moved from Jira to GitHub Issues. This issue was migrated to
[apache/maven-javadoc-plugin#745|https://github.com/apache/maven-javadoc-plugin/issues/745].
> Command line dump reveals proxy user/password in case of errors
> ---------------------------------------------------------------
>
> Key: MJAVADOC-447
> URL: https://issues.apache.org/jira/browse/MJAVADOC-447
> Project: Maven Javadoc Plugin (Moved to GitHub Issues)
> Issue Type: Improvement
> Environment: Maven version: 2.0.7 Java version: 1.4.2 OS name:
> "windows xp" version: "5.1" arch: "x86"
> Reporter: Christian K.
> Assignee: Michael Osipov
> Priority: Minor
> Fix For: 3.1.0
>
>
> If http proxy is set, in case of error calling javadoc, the whole command
> line call is dumped out on console.
> This can reveal sensible information about personal proxy settings (user and
> password) which are passed
> via -J-Dhttp.proxyUser= and -J-Dhttp.proxyPassword= arguments to the javadoc
> executable.
> For example:
> Command line was:"C:\Program
> Files\IBM\WebSphere\AppServer\java\jre\..\bin\javadoc.exe"
> -J-DproxyHost=urlofmyproxy -J-DproxyPort=8080 -J-Dhttp.proxySet=true
> -J-Dhttp.proxyHost=urlofmyproxy -J-Dhttp.proxyPort=8080
> -J-Dhttp.nonProxyHosts="myinternalrepo" -J-Dhttp.proxyUser="FOO"
> -J-Dhttp.proxyPassword="BAR" @options @packages
> If this can be an issue, consider hiding these values in the dump.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
