Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-553

Secure Storage of Server Passwords

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 2.0-alpha-3
    • 2.1.0, 3.0-alpha-3
    • Settings
    • None
    • Although it may not be relevant since this is a general improvement issue, Windows XP, JDK 1.4.1.

    Description

      This was a question pose to the Maven User's Group and it was suggested I add it here.

      It would be benefitial to provide a more secure means of storing password's to the servers listed in the .m2/settings.xml. They are currently being stored as plain text and could definately be considered a security breach. Numerous organizations would undoubtedly considered this an unacceptable security risk, and this could prevent widespread adoption of Maven2.

      I would suggest leaving an option to encrypt the password into the settings file (more secure, but not foolproof) or even requiring the password to be manually provided per build (would prevent automation of builds). I am sure that there is a secure solution to this problem and it should be part of the 2.0 release.

      Attachments

        1. MNG-553.patch
          1 kB
          Benjamin Bentmann

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. MDEPLOY-51 Prompt for username and password if not supplied

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. WAGON-52 wagon-webdav does not ask for auth password when <username>...</username> is missing

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MNG-4082 Encryption is triggered if passwords merely contain curly braces

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MNG-4459 [regression] Effective settings as visible to plugins contain plain text passwords

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MNG-4033 Introduce password encryption to the trunk

          • Major - Major loss of function.
          • Closed

          Activity

            People

              olle Olle Jonsson
              porterhouse91 J. Michael McGarr
              Votes:
              40 Vote for this issue
              Watchers:
              33 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: