Thomas Wabner created SCM-764:
---------------------------------
Summary: username and credentials shown as INFO on command line
Key: SCM-764
URL: https://jira.codehaus.org/browse/SCM-764
Project: Maven SCM
Issue Type: Bug
Components: maven-scm-provider-git
Environment: Apache Maven 3.2.1
(ea8b2b07643dbb1b84b6d16e1f08391b666bc1e9; 2014-02-14T18:37:52+01:00)
Maven home: D:\Dev\maven\apache-maven-3.2.1
Java version: 1.7.0_51, vendor: Oracle Corporation
Java home: D:\Dev\Java\jdk7_51_x64\jre
Default locale: de_DE, platform encoding: Cp1252
OS name: "windows 7", version: "6.1", arch: "amd64", family: "windows"
Reporter: Thomas Wabner
Using git repository with gitblit on HTTPS.
Every git command which involves the remote repository (like fetch, pull, push
and so on) shows the username and credentials on the command line like this:
[INFO] Executing: cmd.exe /X /C "git push
https://user:secret@devserver/gitblit//r/waffel/devopts.git test-branch"
It should be avoided to ever print out passwords on the command line. I have
encrypted the password in maven settings.xml ... but now it comes back and
anybody can see them (also on a continuous build server which should push with a
dedicated user to a central repo).
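Added example, not part of the original report and not Maven SCM's own code: one way to mask the password in a command line before it is written to the log. The class and method names are hypothetical, the username is kept and only the password is replaced, and a password is assumed to contain no unencoded '/' or whitespace.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper (not a Maven SCM class): masks URL passwords in a
// command line so the string can be logged safely.
public class CommandLineRedactor {

    // Matches scheme://user:password@ . The password group is greedy up to the
    // last '@' before the next '/' or whitespace, so a password that contains
    // an unencoded '@' is masked completely instead of leaking its tail.
    private static final Pattern USERINFO = Pattern.compile(
            "([A-Za-z][A-Za-z0-9+.-]*://)([^\\s/:@]+):([^\\s/]*)@");

    // Fixed-length mask, so the log does not reveal the password length.
    private static final String MASK = "********";

    public static String maskCredentials(String commandLine) {
        if (commandLine == null) {
            return null;
        }
        Matcher m = USERINFO.matcher(commandLine);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String safe = m.group(1) + m.group(2) + ":" + MASK + "@";
            // quoteReplacement: a '$' or '\' in the username must stay literal.
            m.appendReplacement(out, Matcher.quoteReplacement(safe));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        String[] samples = {
            // Command line quoted in the report above.
            "cmd.exe /X /C \"git push https://user:secret@devserver/gitblit//r/waffel/devopts.git test-branch\"",
            // Constructed samples: '@' inside the password, no password, host with port.
            "git pull https://user:p@ss@devserver/repo.git",
            "git fetch https://user@devserver/repo.git",
            "git clone https://devserver:8443/repo.git"
        };
        for (String s : samples) {
            // Only the masked form reaches the log; the real command still
            // runs with the original, unmasked string.
            System.out.println("[INFO] Executing: " + maskCredentials(s));
        }
    }
}
```

Masking applies only to the string handed to the logger. The first two samples come out with the password replaced, and the last two are printed unchanged because they carry no password.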