Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-4928

mvn --encrypt-master-password is insecure

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 2.2.1, 3.0, 3.0.1
    • None
    • Command Line
    • None

    Description

      gregw@Brick: ~
      [506] mvn --encrypt-master-password something-very-very-secret

      {zfC2klZItekHCPGwE+R0JZ2+RjyDlqxP343ThV0R3B5taWEHbI5t+QGfXOZ0mq9j}

      gregw@Brick: ~
      [507] history 2
      506 mvn --encrypt-master-password something-very-very-secret
      507 history 2

      commands that take passwords should not accept them from the command line, as they are then visible in history and even in some PS output. They should prompt for passwords with echo turned off.

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. MNG-4099 Password encryption CLI switches should prompt for password if missing

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Activity

            People

              brett Brett Porter
              gregw Gregory John Wilkins
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: