[
https://issues.apache.org/jira/browse/IVY-486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492289
]
Xavier Hanin commented on IVY-486:
----------------------------------
Indeed it's even more secure. But maybe we loose too much info. What do you
think of this:
{code:java}
/**
* Return a string that can be used for debug purpose. It contains
only stars for each password character.
*/
public String toString() {
return getKey() + " " + getUserName() + "/" +
getPasswdAsStars();
}
private String getPasswdAsStars() {
if (_passwd == null) {
return null;
}
StringBuffer sb = new StringBuffer();
for (int i = _passwd.length(); i>0; i--) {
sb.append('*');
}
return sb.toString();
}
{code}
> Credentials are shown in build log even if debug is not enabled
> ---------------------------------------------------------------
>
> Key: IVY-486
> URL: https://issues.apache.org/jira/browse/IVY-486
> Project: Ivy
> Issue Type: Bug
> Components: Ant
> Affects Versions: 1.4.1
> Reporter: Pavel Sher
> Attachments: IVY-486.patch
>
>
> I have the following construction in my Ant build.xml:
> <ivy-configure file="${basedir}/ivyconf.xml">
> <credentials host="host" realm="realm" username="user" passwd="pass" />
> </ivy-configure>
> When Ant starts this build.xml I see in the output:
> credentials added [EMAIL PROTECTED] user/pass
> This output is produced by CredentialsStore class even if debug level is not
> enabled. As I can see the problem is that Messages.init is called after the
> adding of credentials and this message goes right to the system error and
> then it is printed by Ant itself. The problem is critical for me because I
> want to use this build.xml in the continuous integration server and I do not
> want my credentials to be shown in the build log. Is there a workaround for
> this?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
