Maven 2 & 3

[regression] Effective settings as visible to plugins contain plain text passwords

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 3.0-alpha-4
  • Fix Version/s: 3.0-alpha-5
  • Component/s: Settings
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

When we introduced MNG-553, the passwords were only decrypted at the transport layer and the Settings instance kept in memory was kept encrypted. E.g. to save plugins from accidentally dumping the plain text passwords on the console or such.

This does currently not hold for 3.0-alpha-4 as org.apache.maven.plugin:maven-help-plugin:2.0:effective-settings shows.

Issue Links

is related to

New Feature - A new feature of the product, which has yet to be developed. MNG-553 Secure Storage of Server Passwords

  • Critical - Crashes, loss of data, severe memory leak.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Benjamin Bentmann made changes -
Field Original Value New Value
Link This issue is related to MNG-553 [ MNG-553 ]
Benjamin Bentmann made changes -
Assignee Benjamin Bentmann [ bentmann ]
Fix Version/s 3.0-alpha-5 [ 14952 ]
Resolution Fixed [ 1 ]
Status Open [ 1 ] Closed [ 6 ]

People

  • Assignee:
    Benjamin Bentmann
    Reporter:
    Benjamin Bentmann
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: