[jira] [Commented] (GEODE-2119) gfsh user and password visible in clear text

Fri, 09 Dec 2016 13:14:12 -0800 

    [ 
https://issues.apache.org/jira/browse/GEODE-2119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15736363#comment-15736363
 ] 

ASF GitHub Bot commented on GEODE-2119:
---------------------------------------

GitHub user kjduling opened a pull request:

    https://github.com/apache/geode/pull/311

    GEODE-2119: gfsh user and password in clear text

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kjduling/apache-geode feature/GEODE-2119

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/geode/pull/311.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #311
    
----
commit f5860798b3eee0eadffdc78709a9f985a161fb6a
Author: Kevin J. Duling <[email protected]>
Date:   2016-12-07T21:23:38Z

    GEODE-2119: gfsh user and password visible in clear text
    
    Made changes to suppress the password from being displayed in the log files 
and on the console.

commit 7d175d352b12c9e331842cf8cc3335e722c41e2f
Author: Kevin J. Duling <[email protected]>
Date:   2016-12-08T17:05:02Z

    Avoid null=****** scenario

commit db450c5895a278c4a43aeb8ba7533ccddf8cb108
Author: Kevin J. Duling <[email protected]>
Date:   2016-12-09T20:52:01Z

    GEODE-2119: gfsh user and password visible in clear text
    
    Added tests

----


> gfsh user and password visible in clear text
> --------------------------------------------
>
>                 Key: GEODE-2119
>                 URL: https://issues.apache.org/jira/browse/GEODE-2119
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh
>            Reporter: Karen Smoler Miller
>            Assignee: Kevin Duling
>
> Both gfsh connect and gfsh start server allow the specification on the 
> command line of a user name and a password for use as credentials in 
> authentication.  Clear text versions of the user name and password are then 
> visible
> 1. if the user runs gfsh history
> 2. in historyfile, if the user runs gfsh history --file=historyfile
> 3. in the output of ps
> It would be worth a check to see if clear text versions of the user or 
> password end up in any locator or server logs.  I don't believe it does for 
> gfsh connect, but it might for the start server case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to