cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitrii Saprykin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-9972) Make node tool command take a password file (2.0.x)
Date Tue, 04 Aug 2015 13:55:05 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-9972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14653673#comment-14653673
] 

Dmitrii Saprykin commented on CASSANDRA-9972:
---------------------------------------------

Yes, I understand that it is slightly late for this change but there are plenty of people
using 2.0.x and no way to pass password secure. If you changed your mind  (CASSANDRA-5316,
CASSANDRA-6279) it would be consistent to patch 2.0.x too.

> Make node tool command take a password file (2.0.x)
> ---------------------------------------------------
>
>                 Key: CASSANDRA-9972
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9972
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Dmitrii Saprykin
>            Assignee: Clément Lardeur
>            Priority: Trivial
>              Labels: nodetool
>         Attachments: cassandra-2.0-6660.patch
>
>
> We are sending the jmx password in the clear to the node tool command in production.
This is a security risk. Any one doing a 'ps' can see the clear password. Can we change the
node tool command to also take a password file argument. This file will list the JMX user
and passwords. Example below:
> cat /cassandra/run/10003004.jmxpasswd
> monitorRole abc
> controlRole def
> Based on the user name provided, node tool can pick up the right password. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message