Hi Stefan,
Thank you for bringing this to the list. Truly appreciate it!
Honestly, I have mixed feelings. While I am sure it is great work, I
think that anything classified as an improvement and not a bug, which has a
current workaround (that is what I understood from your email without
looking at the ticket itself), shouldn't be merged at this point to
cassandra-4.0.
I am open to hearing a different perspective, but this is my current view after
spending a big part of my day working on the latest Cassandra CI issues.
To be clear, this is no expression of disbelief in your or anyone else's work,
but rather a practical opinion from seeing how unstable our CI can be and
how close we probably are to getting the release out.
Please let me know what you think.
Best regards,
Ekaterina



On Thu, 3 Jun 2021 at 16:24, Stefan Miklosovic <
stefan.mikloso...@instaclustr.com> wrote:

> Hi list,
>
> During our evaluation of 4.0 internally, we noticed that there are
> passwords in plaintext in audit logging (and in fql). While I was
> going through CASSANDRA-12151, I noticed that the password obfuscation
> in these components was planned but it was never implemented and it
> was merged without it; probably it was just lost in the process.
>
> There is ongoing effort in CASSANDRA-16669 to fix this and we are
> almost there, it is a rather easy fix, but the question is: what is
> this actually supposed to be merged into?
>
> While I humbly think this is 4.0-worthy, the process we have, as far
> as I know, is that there should be only critical fixes in 4.0 so I
> guess this will go to 4.0.1, right? Or does this qualify to go to 4.0
> still? Where is that line?
>
> The existing workaround is to exclude DCL statements from auditing but
> in practice I can imagine that people notice this and exclude it
> after they have already been leaked because they do not know in
> advance it is not obfuscated.
>
> Are we all on the same page this should go to 4.0.x? I made my peace
> with it, I just want to double check that people are aware of this and
> 4.0 will by default display passwords in audit logs in plain text
> otherwise.
>
> One sub-question - do you think that FQL should _not_ obfuscate it? As
> it is meant to replay it all, replaying obfuscated passwords does not
> make a lot of sense but on the other hand I am not sure we want to
> have them in the logs. What is your idea around this?
>
> Regards
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
> For additional commands, e-mail: dev-h...@cassandra.apache.org
>
>
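As an added example, not part of this thread and not Cassandra's own code: a small scanner for the text audit log that (a) finds DCL entries whose CQL carries a password literal, which is the check to run over logs written before DCL was excluded, since, as the thread notes, the leak may already have happened by the time an operator notices, and (b) redacts the literal in place. The pipe-separated key:value layout with the CQL text in a trailing operation field, the sample lines, and the <redacted> marker are assumptions made for this example; FQL writes a binary Chronicle queue and is not covered here.

```python
import re
from typing import Dict, List

# Constructed sample lines for the example. The "key:value|...|operation:<CQL>"
# layout is an ASSUMPTION about the text audit log format, not taken from the thread.
SAMPLE_AUDIT_LINES = [
    "user:cassandra|host:localhost/127.0.0.1:7000|source:/10.0.0.5|port:54316"
    "|timestamp:1622734210000|type:CREATE_ROLE|category:DCL"
    "|operation:CREATE ROLE alice WITH PASSWORD = 'S3cr3t!' AND LOGIN = true;",
    "user:cassandra|host:localhost/127.0.0.1:7000|source:/10.0.0.5|port:54316"
    "|timestamp:1622734211000|type:ALTER_ROLE|category:DCL"
    "|operation:ALTER USER bob WITH PASSWORD 'it''s|tricky';",
    "user:cassandra|host:localhost/127.0.0.1:7000|source:/10.0.0.5|port:54316"
    "|timestamp:1622734212000|type:GRANT|category:DCL"
    "|operation:GRANT SELECT ON KEYSPACE app TO alice;",
    "user:alice|host:localhost/127.0.0.1:7000|source:/10.0.0.9|port:54400"
    "|timestamp:1622734213000|type:SELECT|category:QUERY|ks:app|scope:users"
    "|operation:SELECT * FROM app.users;",
]

# The CQL statement is the last field; it may itself contain '|' inside a
# string literal, so split on the first "|operation:" and keep the remainder whole.
OPERATION_MARKER = "|operation:"

# A CQL string literal: single-quoted, with '' as the escape for a quote.
# Matches PASSWORD 'x' (CREATE USER syntax) and PASSWORD = 'x' (CREATE ROLE syntax).
PASSWORD_LITERAL = re.compile(r"(\bPASSWORD\b\s*=?\s*)'(?:[^']|'')*'", re.IGNORECASE)
REDACTED = "'<redacted>'"  # assumed marker, chosen for this example


def parse_audit_line(line: str) -> Dict[str, str]:
    """Split one audit log line into its fields; the operation keeps any '|' it contains."""
    head, sep, operation = line.partition(OPERATION_MARKER)
    if not sep:
        raise ValueError("no operation field in audit line: %r" % line)
    fields: Dict[str, str] = {}
    for item in head.split("|"):
        key, _, value = item.partition(":")  # host:127.0.0.1:7000 keeps its port
        fields[key] = value
    fields["operation"] = operation
    return fields


def has_password_literal(cql: str) -> bool:
    return PASSWORD_LITERAL.search(cql) is not None


def redact_password(cql: str) -> str:
    """Replace the quoted password in a DCL statement, leaving the rest of the CQL intact."""
    return PASSWORD_LITERAL.sub(r"\1" + REDACTED, cql)


def find_leaked_credentials(lines: List[str]) -> List[Dict[str, str]]:
    """Return parsed DCL entries whose statement carries a password literal.

    Run this over logs written before the DCL category was excluded: a non-empty
    result means credentials are already on disk and need rotating."""
    hits = []
    for line in lines:
        entry = parse_audit_line(line)
        if entry.get("category") == "DCL" and has_password_literal(entry["operation"]):
            hits.append(entry)
    return hits


def redact_audit_line(line: str) -> str:
    """Rewrite one line with its password literal redacted; non-matching lines pass through."""
    head, sep, operation = line.partition(OPERATION_MARKER)
    if not sep:
        return line
    return head + sep + redact_password(operation)


if __name__ == "__main__":
    for entry in find_leaked_credentials(SAMPLE_AUDIT_LINES):
        print("LEAK", entry["timestamp"], entry["type"], entry["user"])
    for line in SAMPLE_AUDIT_LINES:
        print(redact_audit_line(line))
```

The workaround discussed in the thread, excluding the DCL category, is set in 4.0 under audit_logging_options in cassandra.yaml (excluded_categories) or at runtime with nodetool enableauditlog --excluded-categories DCL; the scanner above is for what is already on disk, and any password it flags should be treated as exposed and rotated, not merely redacted.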
