[ https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17380129#comment-17380129 ]
Brandon Williams commented on CASSANDRA-16801: ---------------------------------------------- A regex was explored here and shot down. The way to handle this properly is with the grammar parser, the same way the statement is parsed. > PasswordObfuscator should not assume PASSWORD is the last item in the WITH > clause > --------------------------------------------------------------------------------- > > Key: CASSANDRA-16801 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16801 > Project: Cassandra > Issue Type: Bug > Components: Tool/auditlogging > Reporter: Caleb Rackliffe > Priority: Normal > Fix For: 4.0.x, 4.x > > > CASSANDRA-16669 introduced support for obfuscating passwords for audit log > statements, but there are a few cases where the obfuscation logic can destroy > some of the contents of the original/provided string. > ex. This is perfectly valid... > {noformat} > WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false > {noformat} > ...but calling obfuscate() on it will produce... > {noformat} > WITH LOGIN = false AND PASSWORD ******* > {noformat} > We should be able to create a reasonable RegEx and use String#replaceAll() to > both simplify and correct PasswordObfuscator#obfuscate(). -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org