One more point - if we keep the workaround, that should be documented with
big red letters for the users.

On Thu, 3 Jun 2021 at 16:38, Ekaterina Dimitrova <e.dimitr...@gmail.com>
wrote:

> Hi Stefan,
> Thank you for bringing this to the list. Truly appreciate it!
> Honestly, I have mixed feelings. While I am sure it is great work, I
> think that anything classified as an improvement and not a bug, which has a
> current workaround (that is what I understood from your email without
> looking at the ticket itself), shouldn’t be merged at this point to
> cassandra-4.0.
> I am open to hearing a different perspective, but this is my current view after
> spending a big part of my day working on the latest Cassandra CI issues.
> To be clear, this is no expression of disbelief in your or anyone else’s
> work, but rather a practical opinion from seeing how unstable our CI can be
> and how close we probably are to getting the release out.
> Please let me know what you think.
> Best regards,
> Ekaterina
>
>
>
> On Thu, 3 Jun 2021 at 16:24, Stefan Miklosovic <
> stefan.mikloso...@instaclustr.com> wrote:
>
>> Hi list,
>>
>> During our evaluation of 4.0 internally, we noticed that there are
>> passwords in plaintext in audit logging (and in FQL). While I was
>> going through CASSANDRA-12151, I noticed that the password obfuscation
>> in these components was planned but never implemented, and it was
>> merged without it; probably it was just lost in the process.
>>
>> There is ongoing effort in CASSANDRA-16669 to fix this and we are
>> almost there, it is a rather easy fix, but the question is: what is
>> this actually supposed to be merged into?
>>
>> While I humbly think this is 4.0-worthy, the process we have, as far
>> as I know, is that there should be only critical fixes in 4.0, so I
>> guess this will go to 4.0.1, right? Or does this qualify to go to 4.0
>> still? Where is that line?
>>
>> The existing workaround is to exclude DCL statements from auditing, but
>> in practice I can imagine that people notice this and exclude it
>> after passwords have already been leaked, because they do not know in
>> advance that they are not obfuscated.
>>
>> Are we all on the same page this should go to 4.0.x? I made my peace
>> with it, I just want to double check that people are aware of this and
>> 4.0 will by default display passwords in audit logs in plain text
>> otherwise.
>>
>> One sub-question: do you think that FQL should _not_ obfuscate it? As
>> it is meant to replay it all, replaying obfuscated passwords does not
>> make a lot of sense, but on the other hand I am not sure we want to
>> have them in the logs. What is your idea around this?
>>
>> Regards
>>

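The two options discussed in the thread, dropping DCL from the audit log versus keeping the entry and blanking the password literal, side by side. This is an added illustration written for this page, not code from Cassandra or from CASSANDRA-16669; the log entries are constructed, their `field:value|...` layout is an assumption made for the example, and `find_leaked_password_lines` is the check an operator would run over logs written before either fix was in place.

```python
import re

# Matches the password literal of CQL DCL statements such as
#   CREATE ROLE alice WITH PASSWORD = 'secret'
#   CREATE USER bob WITH PASSWORD 'secret' SUPERUSER
# Group 1 keeps the keyword and separator, group 2 is the single-quoted
# literal ('' is the escaped quote inside it). The lookbehind stops a string
# literal that merely *contains* the word password from matching.
PASSWORD_LITERAL = re.compile(
    r"(?<!')(\bPASSWORD\b\s*=?\s*)('(?:[^']|'')*')",
    re.IGNORECASE,
)
REDACTED = "'*******'"

# Constructed sample entries (not real Cassandra output). The field layout is
# an assumption made for this example; only category: and operation: matter.
SAMPLE_ENTRIES = [
    "user:cassandra|source:/127.0.0.1|type:CREATE_ROLE|category:DCL|"
    "operation:CREATE ROLE alice WITH PASSWORD = 'hunter2' AND LOGIN = true;",
    "user:cassandra|source:/127.0.0.1|type:ALTER_ROLE|category:DCL|"
    "operation:ALTER ROLE alice WITH PASSWORD='it''s a secret';",
    "user:cassandra|source:/127.0.0.1|type:CREATE_USER|category:DCL|"
    "operation:CREATE USER bob WITH PASSWORD 'pa ss' SUPERUSER;",
    "user:alice|source:/127.0.0.1|type:SELECT|category:QUERY|"
    "operation:SELECT * FROM ks.users WHERE name = 'password';",
]


def redact_passwords(entry: str) -> str:
    """Blank every password literal in one entry; the statement itself stays
    in the audit trail, so the fact that a role was created or altered is
    still recorded."""
    return PASSWORD_LITERAL.sub(lambda m: m.group(1) + REDACTED, entry)


def redact_entries(entries):
    return [redact_passwords(e) for e in entries]


def field(entry: str, name: str):
    """Return the value of a 'name:value' field of an entry, or None."""
    prefix = name + ":"
    for part in entry.split("|"):
        if part.startswith(prefix):
            return part[len(prefix):]
    return None


def drop_dcl(entries):
    """The workaround from the thread: do not audit DCL at all. Nothing
    leaks, but the trail then has no record of role or permission changes."""
    return [e for e in entries if field(e, "category") != "DCL"]


def find_leaked_password_lines(entries):
    """Indexes of entries that still carry a real (unredacted) password
    literal. Run over existing logs to learn whether credentials were already
    written out before exclusion or redaction was switched on."""
    return [
        i for i, e in enumerate(entries)
        if any(m.group(2) != REDACTED for m in PASSWORD_LITERAL.finditer(e))
    ]


if __name__ == "__main__":
    print("leaked before fix:", find_leaked_password_lines(SAMPLE_ENTRIES))
    for line in redact_entries(SAMPLE_ENTRIES):
        print(line)
    print("leaked after redaction:",
          find_leaked_password_lines(redact_entries(SAMPLE_ENTRIES)))
```

Two caveats on the regex approach: a column that happens to be named `password` in a `WHERE password = '...'` clause is redacted too (a harmless false positive), and anything caught on the way out of the server is already late, which is why redacting at the point where the audit or FQL entry is built, before it is ever serialised, is the better place for the fix the thread is asking about.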