cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Vernon (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-12411) Do not store passwords in .cassandra/cqlsh_history
Date Mon, 08 Aug 2016 21:29:20 GMT


Brad Vernon commented on CASSANDRA-12411:

Couldn't cqlsh just ignore for those cql commands that use the pattern "WITH PASSWORD '.*'"
and if matched via RegEx don't store in the history or replace with the common *****.  It
would only match on CREATE USER, ALTER USER and CREATE ROLE commands.

If using a standard non-User/role based command like INSERT or UPDATE logging would make sense
since there is no understanding that the command being run is specific to a C* User's login,
but in the above cases it's known.

> Do not store passwords in .cassandra/cqlsh_history
> --------------------------------------------------
>                 Key: CASSANDRA-12411
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: jonathan lacefield
> This is a request to ensure that passwords are not stored in the cqlsh_history file.

This message was sent by Atlassian JIRA

View raw message