There should be redaction in gfsh history. Maybe repeating the command is a
case that wasn't fully covered? This is a bug we'll need to file and fix.

Clear text in process string is probably not a bug. Users should implement
a callback to provide the password instead of providing it as a system
property unless they're ok with it showing in the process string. This may
need more documentation?

The logs should not contain the clear text password and this would be a bug
if it does.

-Kirk


On Tue, Nov 15, 2016 at 11:08 AM, Karen Miller <kmil...@apache.org> wrote:

> When specifying user name and password to use as authentication credentials
> with the gfsh start server command, the password is specified in the clear.
> I've added a note in the documentation to point this out, but specifying a
> password in this way leads to further ways the clear text password can be
> seen.
>
> - gfsh history will repeat back the command with the password shown
> - any user on the box can see the clear text password with 'ps'
> - (haven't checked if this happens) logs may have the clear text password
>
> Is this an issue?  The history is for a particular user, so not so bad.
> Logs can use file system permissions to reduce access.  But anyone with
> access to the box can list the processes.
>
> Karen
>
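An added shell demonstration of the 'ps' exposure Karen raises and of the alternative Kirk points at (keep the secret out of the argument vector and have the process fetch it itself). This is example code written for this page, not Geode or gfsh code; the inner `sh -c` stands in for the server process gfsh would start, the secret is a constructed dummy, and the only assumptions are POSIX sh plus either Linux /proc or ps(1).

```shell
#!/bin/sh
# Added demonstration, not Geode/gfsh code: anything placed on a command line
# is readable by every local user via ps(1) or /proc/PID/cmdline.
# Assumes POSIX sh plus /proc (Linux) or ps (macOS, BSD). Secret is a dummy.

# Command the inner shell runs to print its own argument vector exactly as
# another user would see it: /proc first, ps(1) as the fallback.
SHOW_ARGV='tr "\0" " " < /proc/$$/cmdline 2>/dev/null || ps -o args= -p $$'

# Returns 0 when SECRET is visible in the process list of a process started
# with --password=SECRET on its command line (the pattern the thread warns about).
leak_via_argv() {
    secret=$1
    sh -c "$SHOW_ARGV" sh --password="$secret" 2>/dev/null | grep -qF -- "$secret"
}

# Safer pattern: the secret sits in a 0600 file (or is obtained by a callback
# or an interactive prompt); only a path appears on the command line.
# Returns 0 when SECRET is NOT visible in the process list.
safe_via_file() {
    secret=$1
    pwfile=$(mktemp) || return 2
    chmod 600 "$pwfile"
    printf '%s' "$secret" > "$pwfile"
    visible=$(sh -c "$SHOW_ARGV" sh --password-file="$pwfile" 2>/dev/null)
    rm -f "$pwfile"
    # The child would read the secret itself; its argv exposes only the path.
    if printf '%s\n' "$visible" | grep -qF -- "$secret"; then
        return 1
    fi
    # Sanity check that the inspection really produced the child's argv.
    printf '%s\n' "$visible" | grep -qF -- "--password-file="
}

# Practitioner check: scan the whole process table for password-bearing
# arguments, which is exactly what any local user can do. The bracketed
# pattern keeps grep from matching its own command line. Returns 0 on a hit.
audit_process_table() {
    ps -eo args= 2>/dev/null | grep -E -- '[-]password[= ]'
}

demo='s3cr3t-constructed'
if leak_via_argv "$demo"; then
    echo "argv: '$demo' is visible to every local user (the 'ps' point above)"
fi
if safe_via_file "$demo"; then
    echo "file: only the path appears in argv; the secret stays in a 0600 file"
fi
```

Run `audit_process_table` on a box where a server was started with `--password=` on the command line to see the exposure directly; a password file or a credential callback removes the secret from argv, though the file still needs restrictive permissions and the callback must avoid logging what it returns.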
