[ 
https://jira.codehaus.org/browse/MNG-5265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=340245#comment-340245
 ] 

Jason van Zyl commented on MNG-5265:
------------------------------------

Is preemptive auth on GET still on? 

I don't think we need to do any special fiddling. I think what needs to happen 
is per the spec and that you shouldn't send any authentication info unless the 
server requests it. For large PUTs, to prevent having to wait until the end of 
the transmission, another way would need to be found. I can't remember if a HEAD 
on a resource triggers the server to send an authentication request if required.

> enforce repository url verification for passing authz
> -----------------------------------------------------
>
>                 Key: MNG-5265
>                 URL: https://jira.codehaus.org/browse/MNG-5265
>             Project: Maven 2 & 3
>          Issue Type: Improvement
>          Components: Settings
>    Affects Versions: 2.0.10, 2.2.1, 3.0.2, 3.0.3, 3.0.4
>            Reporter: Olivier Lamy
>             Fix For: 3.2
>
>
> Related discussion: http://markmail.org/message/7pswshucxc7qwtef
> In your settings you have:
> {code}
>     <server>
>       <username>olamy</username>
>       <password>reallycomplicatedpassword</password>
>       <id>foo.org</id>
>     </server>
> {code}
> During dependency resolution, you get a pom with a repository.
> {code}
>     <repository>
>       <id>foo.org</id>
>       <url>http://yourpasswordwillbehacked.org/</url>
>     </repository>
> {code}
> Idea: id in settings must contain the target hostname.



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)

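Added example (not part of the JIRA issue and not Maven code): a small audit script that applies the rule proposed in the issue description, flagging any POM repository whose id matches a <server> id in settings.xml while its URL host is not contained in that id. The function names and the embedded XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs modelled on the snippets in the issue description.
SETTINGS_XML = """<settings><servers>
  <server><id>foo.org</id><username>olamy</username><password>placeholder</password></server>
  <server><id>repo.foo.org</id><username>olamy</username><password>placeholder</password></server>
</servers></settings>"""

POM_XML = """<project xmlns="http://maven.apache.org/POM/4.0.0"><repositories>
  <repository><id>foo.org</id><url>http://yourpasswordwillbehacked.org/</url></repository>
  <repository><id>repo.foo.org</id><url>https://repo.foo.org/maven2</url></repository>
  <repository><id>central</id><url>https://repo.maven.apache.org/maven2</url></repository>
</repositories></project>"""


def _local(tag):
    """Drop the XML namespace so namespaced and plain POMs are handled alike."""
    return tag.rsplit("}", 1)[-1]


def _fields(elem):
    """Map an element's direct children to their trimmed text."""
    return {_local(c.tag): (c.text or "").strip() for c in elem}


def server_ids(settings_xml):
    """Ids in settings.xml that have credentials attached."""
    root = ET.fromstring(settings_xml)
    ids = (_fields(e).get("id") for e in root.iter() if _local(e.tag) == "server")
    return {i for i in ids if i}


def audit_repositories(settings_xml, pom_xml):
    """Return (id, url, verdict) for every repository that would receive credentials."""
    ids = server_ids(settings_xml)
    findings = []
    for e in ET.fromstring(pom_xml).iter():
        if _local(e.tag) not in ("repository", "pluginRepository"):
            continue
        f = _fields(e)
        repo_id, url = f.get("id"), f.get("url", "")
        if repo_id not in ids:
            continue  # no credentials are configured for this id
        host = (urlsplit(url).hostname or "").lower()
        # Rule as stated in the issue: the id must contain the target hostname.
        ok = bool(host) and host in repo_id.lower()
        findings.append((repo_id, url, "ok" if ok else "host-mismatch"))
    return findings
```

Substring containment is the rule exactly as the issue words it; a stricter policy would require the id to equal the hostname.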