geode-issues mailing list archives

From "Jens Deppe (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (GEODE-718) Gfsh history exposes passwords
Date Wed, 30 Dec 2015 17:16:49 GMT

     [ https://issues.apache.org/jira/browse/GEODE-718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jens Deppe updated GEODE-718:
-----------------------------
    Description: 
When using the gfsh connect statement, the entire connect statement is getting logged in the gfsh
history file, and it shows the password for the key store in clear text in the history file.
Here is an example connect statement that is typically executed by an automation Linux script.
{noformat}
$ ./gfsh
    _________________________     __
   / _____/ ______/ ______/ /____/ /
  / /  __/ /___  /_____  / _____  /
 / /__/ / ____/  _____/ / /    / /
/______/_/      /______/_/    /_/    v1.0.0-incubating-SNAPSHOT

Monitor and Manage GemFire
gfsh>connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire//conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
Connecting to Locator at [host=vm-abcd, port=41111] ..
Connecting to Manager at [host=vm-abcd, port=1099] ..
Successfully connected to: [host=vm-abcd, port=1099]
Cluster-101 gfsh>history
1 …
2 …
3 connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire/conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
{noformat}


  was:
When using the gfsh connect statement, the entire connect statement is getting logged in the gfsh
history file, and it shows the password for the key store in clear text in the history file.
Here is an example connect statement that is typically executed by an automation Linux script.
{noformat}
$ ./gfsh
    _________________________     __
   / _____/ ______/ ______/ /____/ /
  / /  __/ /___  /_____  / _____  /
 / /__/ / ____/  _____/ / /    / /
/______/_/      /______/_/    /_/    v1.0.0-incubating-SNAPSHOT

Monitor and Manage GemFire
gfsh>connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire//conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
Connecting to Locator at [host=vm-abcd, port=41111] ..
Connecting to Manager at [host=vm-abcd, port=1099] ..
Successfully connected to: [host=vm-abcd, port=1099]
Cluster-101 gfsh>history
1 …
2 …
3 connect --locator=vm-d8c2-cb9d[41111] --use-ssl=true --key-store=/var/gemfire/conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
{noformat}



> Gfsh history exposes passwords
> ------------------------------
>
>                 Key: GEODE-718
>                 URL: https://issues.apache.org/jira/browse/GEODE-718
>             Project: Geode
>          Issue Type: Improvement
>          Components: management
>            Reporter: Jens Deppe
>
> When using the gfsh connect statement, the entire connect statement is getting logged in the gfsh history file, and it shows the password for the key store in clear text in the history file.
> Here is an example connect statement that is typically executed by an automation Linux script.
> {noformat}
> $ ./gfsh
>     _________________________     __
>    / _____/ ______/ ______/ /____/ /
>   / /  __/ /___  /_____  / _____  /
>  / /__/ / ____/  _____/ / /    / /
> /______/_/      /______/_/    /_/    v1.0.0-incubating-SNAPSHOT
> Monitor and Manage GemFire
> gfsh>connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire//conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
> Connecting to Locator at [host=vm-abcd, port=41111] ..
> Connecting to Manager at [host=vm-abcd, port=1099] ..
> Successfully connected to: [host=vm-abcd, port=1099]
> Cluster-101 gfsh>history
> 1 …
> 2 …
> 3 connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire/conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
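
Added example, not part of the original message and not Geode's own code: a Python sketch of masking password option values in gfsh command lines before they are persisted, plus an audit pass that flags history lines already holding cleartext values. Matching every option whose name ends in "password", the MASK string and the sample history lines are assumptions of this example.

```python
import re

MASK = "*****"

# Options whose name ends in "password", e.g. --key-store-password and
# --trust-store-password from the report (suffix matching is an assumption).
_SECRET_OPT = re.compile(
    r"""(?P<name>--[\w-]*password)      # option name
        (?P<sep>\s*=\s*)                # gfsh passes values as --option=value
        (?P<value>"[^"]*"|'[^']*'|\S+)  # quoted or bare value
    """,
    re.IGNORECASE | re.VERBOSE,
)


def redact(line):
    """Return the command line with every password value replaced by MASK."""
    return _SECRET_OPT.sub(lambda m: m.group("name") + "=" + MASK, line)


def audit(lines):
    """Return (line_number, option_name) for each unmasked password value.

    The value itself is never returned, so findings are safe to log.
    """
    findings = []
    for number, line in enumerate(lines, 1):
        for m in _SECRET_OPT.finditer(line):
            if m.group("value") != MASK:
                findings.append((number, m.group("name")))
    return findings


# Constructed sample history; entry 3 mirrors the connect command in the report.
SAMPLE_HISTORY = [
    "list members",
    "describe region --name=/orders",
    "connect --locator=vm-abcd[41111] --use-ssl=true "
    "--key-store=/var/gemfire/conf/keystore/tomcat.jks --key-store-password=blah-blah "
    "--trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah "
    "--protocols=TLSv1.2",
]

if __name__ == "__main__":
    for number, option in audit(SAMPLE_HISTORY):
        print(f"history entry {number}: cleartext value for {option}")
    for entry in SAMPLE_HISTORY:
        print(redact(entry))
```

Masking only helps for entries written after it is in place; a password that already reached a history file should be rotated.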
