[
http://jira.codehaus.org/browse/MNG-553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=162786#action_162786
]
Oleg Gusakov commented on MNG-553:
----------------------------------
Looks like the name *sec.xml* is too short and may be confusing. Changing for
*encryption-settings.xml*
> Secure Storage of Server Passwords
> ----------------------------------
>
> Key: MNG-553
> URL: http://jira.codehaus.org/browse/MNG-553
> Project: Maven 2
> Issue Type: Improvement
> Components: Settings
> Affects Versions: 2.0-alpha-3
> Environment: Although it may not be relevant since this is a general
> improvement issue, Windows XP, JDK 1.4.1.
> Reporter: J. Michael McGarr
> Assignee: Brett Porter
> Priority: Critical
> Fix For: 2.1.0-M2
>
> Attachments: MNG-553.patch
>
>
> This was a question pose to the Maven User's Group and it was suggested I add
> it here.
> It would be benefitial to provide a more secure means of storing password's
> to the servers listed in the .m2/settings.xml. They are currently being
> stored as plain text and could definately be considered a security breach.
> Numerous organizations would undoubtedly considered this an unacceptable
> security risk, and this could prevent widespread adoption of Maven2.
> I would suggest leaving an option to encrypt the password into the settings
> file (more secure, but not foolproof) or even requiring the password to be
> manually provided per build (would prevent automation of builds). I am sure
> that there is a secure solution to this problem and it should be part of the
> 2.0 release.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
