cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Vernon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-12411) Do not store passwords in .cassandra/cqlsh_history
Date Mon, 08 Aug 2016 21:29:20 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-12411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412515#comment-15412515
] 

Brad Vernon commented on CASSANDRA-12411:
-----------------------------------------

Couldn't cqlsh just ignore for those cql commands that use the pattern "WITH PASSWORD '.*'"
and if matched via RegEx don't store in the history or replace with the common *****.  It
would only match on CREATE USER, ALTER USER and CREATE ROLE commands.

If using a standard non-User/role based command like INSERT or UPDATE logging would make sense
since there is no understanding that the command being run is specific to a C* User's login,
but in the above cases it's known.

> Do not store passwords in .cassandra/cqlsh_history
> --------------------------------------------------
>
>                 Key: CASSANDRA-12411
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12411
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: jonathan lacefield
>
> This is a request to ensure that passwords are not stored in the cqlsh_history file.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message