[ http://jira.codehaus.org/browse/MJAR-33?page=comments#action_63462 ]
Jerome Lacoste commented on MJAR-33: ------------------------------------ If there was a way to mark a commandLine argument as being security sensitive, that would be cool. I will report that as a potential enhancement for the Apache commons-exec project that we might depend upon some day. > Jarsigner shows password on command line > ---------------------------------------- > > Key: MJAR-33 > URL: http://jira.codehaus.org/browse/MJAR-33 > Project: Maven 2.x Jar Plugin > Type: Bug > Versions: 2.1 > Reporter: Hes Siemelink > > > When I sign a jar I see the password of the keystore in the debug output: > [debug] jarsigner executable=[C:\Program > Files\Java\jdk1.5.0_05\jre\..\bin\jarsigner.exe] > [debug] Executing: "C:\Program > Files\Java\jdk1.5.0_05\jre\..\bin\jarsigner.exe" -keystore my-keystore.pfx > -storepas > s SECRET_PASSPHRASE!! -storetype PKCS12 > E:\Temp\jbossall-client-jboss-4.0.3.jar mykey > It would be nice if this could be masked. > I get this using the webstart plugin. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
