Maven Javadoc Plugin / MJAVADOC-447

Command line dump reveals proxy user/password in case of errors

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1.0
    • Component/s: None
    • Labels:
      None
    • Environment:
      Maven version: 2.0.7 Java version: 1.4.2 OS name: "windows xp" version: "5.1" arch: "x86"

      Description

      If an HTTP proxy is set and an error occurs when calling javadoc, the whole command line call is dumped to the console.
      This can reveal sensitive information about personal proxy settings (user and password), which are passed
      via the -J-Dhttp.proxyUser= and -J-Dhttp.proxyPassword= arguments to the javadoc executable.

      For example:
      Command line was:"C:\Program Files\IBM\WebSphere\AppServer\java\jre\..\bin\javadoc.exe" -J-DproxyHost=urlofmyproxy -J-DproxyPort=8080 -J-Dhttp.proxySet=true -J-Dhttp.proxyHost=urlofmyproxy -J-Dhttp.proxyPort=8080 -J-Dhttp.nonProxyHosts="myinternalrepo" -J-Dhttp.proxyUser="FOO" -J-Dhttp.proxyPassword="BAR" @options @packages

      If this can be an issue, consider hiding these values in the dump.
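
One way to mask these values before a command line reaches the console, as an added example that is not part of the original report and is not the plugin's own code. The class name `CommandLineRedactor`, the `*****` mask and the acceptance of the `https.*` spelling are assumptions of this example.

```java
import java.util.regex.Pattern;

// Added example: CommandLineRedactor is a hypothetical helper, not Maven Javadoc Plugin code.
public class CommandLineRedactor {

    // -J-Dhttp.proxyUser= and -J-Dhttp.proxyPassword= come from the report;
    // accepting the https.* spelling as well is an assumption of this example.
    // The value is either a double-quoted string (may contain spaces) or a bare
    // token that ends at the next whitespace. Escaped quotes are not handled.
    private static final Pattern PROXY_SECRET = Pattern.compile(
            "(-J-Dhttps?\\.proxy(?:User|Password)=)(?:\"[^\"]*\"|\\S*)");

    private static final String MASK = "*****";

    /** Returns the command line with proxy user and password values masked. */
    static String redact(String commandLine) {
        if (commandLine == null) {
            return null;
        }
        // $1 keeps the option name so the log still shows that a proxy login was configured.
        return PROXY_SECRET.matcher(commandLine).replaceAll("$1" + MASK);
    }

    public static void main(String[] args) {
        // Constructed sample modelled on the dump quoted in the report.
        String dump = "\"C:\\jdk\\bin\\javadoc.exe\" -J-Dhttp.proxyHost=urlofmyproxy"
                + " -J-Dhttp.proxyPort=8080 -J-Dhttp.proxyUser=\"FOO\""
                + " -J-Dhttp.proxyPassword=\"B A R\" @options @packages";

        String safe = redact(dump);
        System.out.println("Command line was: " + safe);

        // Fail loudly if a credential value survived; host and port must remain for debugging.
        if (safe.contains("FOO") || safe.contains("B A R")) {
            throw new IllegalStateException("proxy credentials leaked into log output");
        }
        if (!safe.contains("-J-Dhttp.proxyHost=urlofmyproxy")) {
            throw new IllegalStateException("non-secret arguments must be preserved");
        }
    }
}
```

The same redaction has to be applied wherever the command line string is reused, including exception messages and debug logs, since build output is often archived by CI systems.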

              People

              • Assignee:
                michael-o Michael Osipov
                Reporter:
                christian.k.2510 Christian K.
              • Votes:
                0
                Watchers:
                3

                Dates

                • Created:
                  Updated:
                  Resolved: