[ 
https://issues.apache.org/jira/browse/CASSANDRA-17334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500661#comment-17500661
 ] 

Berenguer Blasi commented on CASSANDRA-17334:
---------------------------------------------

Well,

the PR is up. Some shadows and some lights though. I managed to pin down 2 
unrelated nasty bugs which is good. I managed to make the thing work which is 
good also.

The problem comes from the cqlsh command. I got onto that path and I am 
attaching a diff of the hash command currently just clearing the screen so I 
don't loose that bit of code. Server side hash is done with jBcrypt. It does 
have a py port which is just a wrapper to C code. The problem is that jBcrypt 
and pyBcrypt have difference licenses, the py one not being friendly to us 
after checking with some PMC members and 
([link|https://www.apache.org/legal/resolved.html]) because of the advertising 
clause to start with. Hence we have no py lib and the alternative would be to 
call some java code. This takes us back to square 1 where we don't have a 
self-contained nice command solution.

I need to explore more the hash py lib side of things and licenses. We could 
replace both server and client with a new lib that supports more languages. 
That would be a bit like future proofing for future hashing needs which seems 
like a good idea. The problem being upgrade scenarios where we'd have to 
support both hash versions, old and new, at some point. All this is well beyond 
what I wanted to do in this ticket and too much of a big-bang change for my 
taste if it can be avoided.

The plain text passwords path remains untouched, this will all be opt-in, it's 
an improvement to the current state, we fix some bugs and doesn't block future 
development. So I would get this ticket done as a first step and open a new one 
for the other work .

> Pre hashed passwords in CQL
> ---------------------------
>
>                 Key: CASSANDRA-17334
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17334
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Berenguer Blasi
>            Assignee: Berenguer Blasi
>            Priority: Normal
>             Fix For: 4.1
>
>         Attachments: cqlsh.diff
>
>
> As seen on CASSANDRA-16801 and friends we are working across the system with 
> plain text passwords. These can be unintentionally revealed by intermediate 
> systems. Allowing the use of hashed passwords should mitigate that. The idea 
> is to add a new option {{HASHED PASSWORD}} for {{CREATE/ALTER ROLE/USER}}. 
> Examples:
> {noformat}
> CREATE ROLE foo WITH login = true AND hashed password = 
> '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
> ALTER ROLE foo WITH hashed password = 
> '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
> {noformat}
> To generate the password hash, there will be a new tool {{hash_password}} in 
> resources/cassandra/bin
> Based on original works from [~snazy]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to