[ https://issues.apache.org/jira/browse/CASSANDRA-17334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Berenguer Blasi updated CASSANDRA-17334:
----------------------------------------
    Description:
As seen on CASSANDRA-16801 and friends we are working across the system with plain text passwords. These can be unintentionally revealed by intermediate systems. Allowing the use of hashed passwords should mitigate that. The idea is to add a new option {{HASHED PASSWORD}} for {{CREATE/ALTER ROLE/USER}}. Examples:

{noformat}
CREATE ROLE foo WITH login = true AND hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
ALTER ROLE foo WITH hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
{noformat}

To generate the password hash, there will be a new tool {{hash_password}} in resources/cassandra/bin

Based on original works from [~snazy]

  was:
As seen on CASSANDRA-16801 and friends we are working across the system with plain text passwords. These can be unintentionally revealed by intermediate systems. Allowing the use of hashed passwords should mitigate that. The idea is to add a new option {{HASHED PASSWORD}} for {{CREATE/ALTER ROLE/USER}}. Examples:

{noformat}
CREATE ROLE foo WITH login = true AND hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
ALTER ROLE foo WITH hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
{noformat}

To generate the password hash, there will be a new tool {{hash_password}} in resources/cassandra/bin

> Pre hashed passwords in CQL
> ---------------------------
>
>                 Key: CASSANDRA-17334
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17334
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Berenguer Blasi
>            Assignee: Berenguer Blasi
>            Priority: Normal
>             Fix For: 4.1
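Added example, not part of the Jira issue or of Cassandra's code: a pre-flight audit for provisioning scripts or captured statement logs that flags {{CREATE/ALTER ROLE}} statements still carrying a plain text password and checks that a {{HASHED PASSWORD}} value is a structurally valid bcrypt string. The function names, the result labels and the redaction marker are assumptions made for this illustration; the check is structural only and does not reproduce whatever validation Cassandra itself performs.

```python
import re

# bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}")

# "password = '...'" with an optional leading "hashed" keyword.
# A single quote inside a CQL string literal is escaped by doubling it.
PASSWORD_RE = re.compile(
    r"\b(hashed\s+)?password\s*=\s*'((?:[^']|'')*)'", re.IGNORECASE)

REDACTED = "*****"  # assumption: marker used by this example only


def bcrypt_cost(value):
    """Return the cost factor of a well-formed bcrypt string, else None."""
    m = BCRYPT_RE.fullmatch(value)
    if not m:
        return None
    cost = int(m.group(1))
    return cost if 4 <= cost <= 31 else None  # bcrypt's valid cost range


def audit_statement(stmt):
    """Classify one CQL statement and return (label, text that is safe to log)."""
    m = PASSWORD_RE.search(stmt)
    if not m:
        return "no-password", stmt
    redacted = stmt[:m.start(2)] + REDACTED + stmt[m.end(2):]
    if not m.group(1):
        return "plaintext", redacted
    if bcrypt_cost(m.group(2)) is None:
        # Not a bcrypt string: possibly a plain text password pasted by
        # mistake, so it is redacted as well.
        return "hashed-malformed", redacted
    return "hashed-ok", stmt


if __name__ == "__main__":
    samples = [
        # Statement taken from the issue description.
        "ALTER ROLE foo WITH hashed password = "
        "'$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';",
        # Constructed statements for the two failure cases.
        "CREATE ROLE bar WITH login = true AND password = 'constructed-secret';",
        "ALTER ROLE bar WITH hashed password = 'constructed-secret';",
    ]
    for s in samples:
        print(audit_statement(s))
```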