[jira] Created: (MNG-4928) mvn --encrypt-master-password is insecure

Greg Wilkins (JIRA) Wed, 08 Dec 2010 03:41:30 -0800

mvn --encrypt-master-password is insecure
-----------------------------------------


                 Key: MNG-4928
                 URL: http://jira.codehaus.org/browse/MNG-4928
             Project: Maven 2 & 3
          Issue Type: Bug
          Components: Command Line
    Affects Versions: 3.0.1, 3.0, 2.2.1
            Reporter: Greg Wilkins


gr...@brick: ~
[506] mvn --encrypt-master-password something-very-very-secret
{zfC2klZItekHCPGwE+R0JZ2+RjyDlqxP343ThV0R3B5taWEHbI5t+QGfXOZ0mq9j}

gr...@brick: ~
[507] history 2
  506  mvn --encrypt-master-password something-very-very-secret
  507  history 2

commands that take passwords should not accept them from the command line, as 
they are then visible in history and even in some PS output. They should prompt 
for passwords with echo turned off.






-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Created: (MNG-4928) mvn --encrypt-master-password is insecure

Reply via email to