[
https://issues.apache.org/jira/browse/CASSANDRA-16983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17503262#comment-17503262
]
Brad Schoening edited comment on CASSANDRA-16983 at 3/9/22, 2:41 AM:
---------------------------------------------------------------------
I wanted to mention that the new warning message emitted when the credential
have not been separated out will cause the python unit tests to fail. I was a
little surprised since the warning was correctly sent to sys.stderr.
FAILED test/test_cqlsh_output.py
This makes the change sort of mandatory for running the tests. Clearly one can
rework their cqlshrc, but I suspect it will not then be compatible across cqlsh
4.0 and 4.1. Cqlshrc will expect the credential in cqlshrc, right?
*E AssertionError: 10 ! output: '\nNotice: Credentials in the cqlshrc
file is deprecated and will be ignored in the future.\nPlease use a credentials
file to specify the username and password.\n\n\n num !\'$#@!~" |
9223372036854775807 | 0xffffffffffffffffff | True | 1E-14 |
1e+07 | 1e+05 | 2147483647 | 32767 | ∭Ƕ⑮ฑ➳❏\' | 1950-01-01
00:00:00.000000+0000 | 127 | ffffffff-ffff-ffff-ffff-ffffffffffff |
newline->
n<- | 9\n\n(1 rows)'*
{*}test/test_cqlsh_output.py{*}:141: AssertionError
was (Author: bschoeni):
I wanted to mention that the new warning message emitted when the credential
have not been separated out will cause the python unit tests to fail. I was a
little surprised since the warning was correctly sent to sys.stderr.
FAILED test/test_cqlsh_output.py
This makes the change sort of mandatory for running the tests.
*E AssertionError: 10 != 6 : output: '\nNotice: Credentials in the
cqlshrc file is deprecated and will be ignored in the future.\nPlease use a
credentials file to specify the username and password.\n\n\n num | asciicol |
bigintcol | blobcol | booleancol | decimalcol |
doublecol | floatcol | intcol | smallintcol | textcol | timestampcol
| tinyintcol | uuidcol | varcharcol
|
varintcol\n-----+------------+---------------------+----------------------+------------+------------+-----------+----------+------------+-------------+---------+---------------------------------+------------+--------------------------------------+---------------+-----------\n
1 | __!\'$#@!~" | 9223372036854775807 | 0xffffffffffffffffff | True |
1E-14 | 1e+07 | 1e+05 | 2147483647 | 32767 | ∭Ƕ⑮ฑ➳❏\' |
1950-01-01 00:00:00.000000+0000 | 127 |
ffffffff-ffff-ffff-ffff-ffffffffffff | newline->\\n<- | 9\n\n(1 rows)'*
*test/test_cqlsh_output.py*:141: AssertionError
> Separating CQLSH credentials from the cqlshrc file
> --------------------------------------------------
>
> Key: CASSANDRA-16983
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16983
> Project: Cassandra
> Issue Type: Improvement
> Components: Tool/cqlsh
> Reporter: Bowen Song
> Assignee: Bowen Song
> Priority: Normal
> Labels: lhf
> Fix For: 4.1
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> Currently, the CQLSH tool accepts credentials (username & password) from the
> following 3 places:
> 1. the command line parameter "-p"
> 2. the cqlshrc file
> 3. prompt the user
> This is not ideal.
> Credentials in the command line is a security risk, because it could be see
> by other users on a shared system.
> The cqlshrc file is better, but still not good enough. Because the cqlshrc
> file is a config file, it's often acceptable to have it as a world readable
> file, and share it with other users. It also prevents user from having
> multiple sets of credentials, either for the same Cassandra cluster or
> different clusters.
> To improve the security of CQLSH and make it secure by design, I purpose the
> following changes:
> * Warn the user if a password is giving in the command line, and recommend
> them to use a credential file instead
> * Warn the user if credentials are present in the cqlshrc file and the
> cqlshrc file is not secure (e.g.: world readable or owned by a different user)
> * Deprecate credentials in the cqlshrc, and recommend the user to move them
> to a separate credential file. The aim is to not break anything at the
> moment, but eventually stop accepting credentials from the cqlshrc file.
> * Reject the credentials file if it's not secure, and tell the user how to
> secure it. Optionally, prompt the user for password if it's an interactive
> session. (Think how does OpenSSH handle insecure credential files)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
