[ http://jira.codehaus.org/browse/MDEPLOY-129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=257626#action_257626 ]

Rick Herrick commented on MDEPLOY-129:
--------------------------------------

If you close the shell out, the history is gone, at least in Windows, and 
history can be easily cleared in the shell. Certainly better than putting it in 
plaintext in settings.xml, which is what is prescribed in the main Maven manual.

> Need a way to specify repository credentials securely for deploy operations
> ---------------------------------------------------------------------------
>
>                 Key: MDEPLOY-129
>                 URL: http://jira.codehaus.org/browse/MDEPLOY-129
>             Project: Maven 2.x Deploy Plugin
>          Issue Type: New Feature
>          Components: deploy:deploy-file
>    Affects Versions: 2.4, 2.5
>         Environment: All
>            Reporter: Rick Herrick
>
> Currently, credentials for performing a deployment must be specified in the 
> settings.xml. However, if a Maven repository is set to use LDAP for its 
> authentication mechanism, this means exposing domain security credentials in 
> plaintext in a static file on the hard drive and is _extremely_ insecure (as 
> specified in the documentation: "Unfortunately, Maven doesn't currently 
> support hashed or encrypted passwords in the settings.xml"). This is simply 
> not workable in a secure environment, e.g. government, defense, financial, 
> etc.
> Instead there should be an option to provide these credentials on the command 
> line or using hash or encryption algorithms.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
