Need a way to specify repository credentials securely for deploy operations
---------------------------------------------------------------------------

                 Key: MDEPLOY-129
                 URL: http://jira.codehaus.org/browse/MDEPLOY-129
             Project: Maven 2.x Deploy Plugin
          Issue Type: New Feature
          Components: deploy:deploy-file
    Affects Versions: 2.5, 2.4
         Environment: All
            Reporter: Rick Herrick


Currently, credentials for performing a deployment must be specified in the 
settings.xml. However, if a Maven repository is set to use LDAP for its 
authentication mechanism, this means exposing domain security credentials in 
plaintext in a static file on the hard drive and is _extremely_ insecure (as 
specified in the documentation: "Unfortunately, Maven doesn't currently support 
hashed or encrypted passwords in the settings.xml"). This is simply not 
workable in a secure environment, e.g. government, defense, financial, etc.

Instead there should be an option to provide these credentials on the command 
line or using hash or encryption algorithms.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Reply via email to