[ http://jira.codehaus.org/browse/MNG-4928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=246852#action_246852 ]
Greg Wilkins commented on MNG-4928: ----------------------------------- Also a note should be made to anybody that is editing passwords in their setting.xml files, that many editors keep histories of edits. for example, I found several instances of my ssh passphrase in .viminfo because I had removed it from my settings with a search and replace. > mvn --encrypt-master-password is insecure > ----------------------------------------- > > Key: MNG-4928 > URL: http://jira.codehaus.org/browse/MNG-4928 > Project: Maven 2 & 3 > Issue Type: Bug > Components: Command Line > Affects Versions: 2.2.1, 3.0, 3.0.1 > Reporter: Greg Wilkins > > gr...@brick: ~ > [506] mvn --encrypt-master-password something-very-very-secret > {zfC2klZItekHCPGwE+R0JZ2+RjyDlqxP343ThV0R3B5taWEHbI5t+QGfXOZ0mq9j} > gr...@brick: ~ > [507] history 2 > 506 mvn --encrypt-master-password something-very-very-secret > 507 history 2 > commands that take passwords should not accept them from the command line, as > they are then visible in history and even in some PS output. They should > prompt for passwords with echo turned off. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira