[
https://issues.apache.org/jira/browse/MJAVADOC-447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov closed MJAVADOC-447.
-----------------------------------
Resolution: Fixed
The user and password are gone, they aren't used anyway.
> Command line dump reveals proxy user/password in case of errors
> ---------------------------------------------------------------
>
> Key: MJAVADOC-447
> URL: https://issues.apache.org/jira/browse/MJAVADOC-447
> Project: Maven Javadoc Plugin
> Issue Type: Improvement
> Environment: Maven version: 2.0.7 Java version: 1.4.2 OS name:
> "windows xp" version: "5.1" arch: "x86"
> Reporter: Christian K.
> Assignee: Michael Osipov
> Priority: Minor
> Fix For: 3.1.0
>
>
> If http proxy is set, in case of error calling javadoc, the whole command
> line call is dumped out on console.
> This can reveal sensible information about personal proxy settings (user and
> password) which are passed
> via -J-Dhttp.proxyUser= and -J-Dhttp.proxyPassword= arguments to the javadoc
> executable.
> For example:
> Command line was:"C:\Program
> Files\IBM\WebSphere\AppServer\java\jre\..\bin\javadoc.exe"
> -J-DproxyHost=urlofmyproxy -J-DproxyPort=8080 -J-Dhttp.proxySet=true
> -J-Dhttp.proxyHost=urlofmyproxy -J-Dhttp.proxyPort=8080
> -J-Dhttp.nonProxyHosts="myinternalrepo" -J-Dhttp.proxyUser="FOO"
> -J-Dhttp.proxyPassword="BAR" @options @packages
> If this can be an issue, consider hiding these values in the dump.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
