[jira] (MJARSIGNER-35) verbose mode shows keystore password in clear text

Thomas Grimault (JIRA) Wed, 05 Feb 2014 07:05:09 -0800

    [ 
https://jira.codehaus.org/browse/MJARSIGNER-35?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=340710#comment-340710
 ]


Thomas Grimault edited comment on MJARSIGNER-35 at 2/5/14 9:00 AM:
-------------------------------------------------------------------

Without enabling verbose output, passwords are also in clear text when jar 
signing failed.


was (Author: tgrimault):
Without enabling verbose output passwords are also in clear text when jar 
signing failed.

> verbose mode shows keystore password in clear text
> --------------------------------------------------
>
>                 Key: MJARSIGNER-35
>                 URL: https://jira.codehaus.org/browse/MJARSIGNER-35
>             Project: Maven Jar Signer Plugin
>          Issue Type: Bug
>    Affects Versions: 1.3.1
>            Reporter: Marco Speranza
>
> If is enabled verbose output, is printed out to the command line the keystore 
> password in clear text.
> here is an example:
> [INFO] cmd.exe /X /C ""C:\Program 
> Files\Java\jdk1.7.0_51\jre\..\bin\jarsigner.exe" -verbose -keystore 
> mc-keystore -storepass mypassword



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)

[jira] (MJARSIGNER-35) verbose mode shows keystore password in clear text

Reply via email to