[
https://jira.codehaus.org/browse/SCM-764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=354168#comment-354168
]
Ludovic Lebègue commented on SCM-764:
-------------------------------------
I have provided a patch for this one associated with a pull request on github :
https://github.com/apache/maven-scm/pull/22
> username and credentials shown as INFO on commadline
> ----------------------------------------------------
>
> Key: SCM-764
> URL: https://jira.codehaus.org/browse/SCM-764
> Project: Maven SCM
> Issue Type: Bug
> Components: maven-scm-provider-git
> Environment: Apache Maven 3.2.1
> (ea8b2b07643dbb1b84b6d16e1f08391b666bc1e9; 2014-02-14T18:37:52+01:00)
> Maven home: D:\Dev\maven\apache-maven-3.2.1
> Java version: 1.7.0_51, vendor: Oracle Corporation
> Java home: D:\Dev\Java\jdk7_51_x64\jre
> Default locale: de_DE, platform encoding: Cp1252
> OS name: "windows 7", version: "6.1", arch: "amd64", family: "windows"
> Reporter: Thomas Wabner
>
> Using git repository with gitblit on HTTPS.
> Every git command which involve the remote repository (like fetch, pull, push
> and so on) showing the username and credentials on the commandline like this:
> [INFO] Executing: cmd.exe /X /C "git push
> https://user:secret@devserver/gitblit//r/waffel/devopts.git test-branch"
> It should be avoided to ever print out passwords on the command line. I have
> encrypted the password in maven settings.xml ... but now it comes back and
> anybody can see them (also on a continues build server which should push with
> a dedicated user to a central repo).
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
