Return-Path: 
 <commits-return-111881-apmail-cassandra-commits-archive=cassandra.apache.org@cassandra.apache.org>
X-Original-To: apmail-cassandra-commits-archive@www.apache.org
Delivered-To: apmail-cassandra-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3763E11458
	for <apmail-cassandra-commits-archive@www.apache.org>;
 Sat, 13 Sep 2014 23:20:34 +0000 (UTC)
Received: (qmail 65761 invoked by uid 500); 13 Sep 2014 23:20:34 -0000
Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org
Received: (qmail 65721 invoked by uid 500); 13 Sep 2014 23:20:34 -0000
Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cassandra.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cassandra.apache.org>
List-Post: <mailto:commits@cassandra.apache.org>
List-Id: <commits.cassandra.apache.org>
Reply-To: dev@cassandra.apache.org
Delivered-To: mailing list commits@cassandra.apache.org
Received: (qmail 65706 invoked by uid 99); 13 Sep 2014 23:20:34 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Sep 2014 23:20:34 +0000
Date: Sat, 13 Sep 2014 23:20:33 +0000 (UTC)
From: "Brandon Williams (JIRA)" <jira@apache.org>
To: commits@cassandra.apache.org
Message-ID: <JIRA.12673055.1381338933000.29125.1410650433976@Atlassian.JIRA>
In-Reply-To: <JIRA.12673055.1381338933000@Atlassian.JIRA>
References: <JIRA.12673055.1381338933000@Atlassian.JIRA>
 <JIRA.12673055.1381338933515@arcas>
Subject: [jira] [Commented] (CASSANDRA-6174) Cassandra keystore password is
 in plain text
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/CASSANDRA-6174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133020#comment-14133020 ] 

Brandon Williams commented on CASSANDRA-6174:
---------------------------------------------

base64 doesn't seem like any kind of improvement to me, we might as well just leave it in plaintext.

> Cassandra keystore password is in plain text 
> ---------------------------------------------
>
>                 Key: CASSANDRA-6174
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6174
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Config
>            Reporter: Shahryar Sedghi
>            Priority: Minor
>              Labels: lhf
>         Attachments: 2.1-CASSANDRA-6174.txt
>
>
> It is an extremely bad security practice to keep any password, particularly  keystore password in plain text. it can be easily obfuscated.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)