When you want to connect to a secure system you can choose not to use the
--password option, at which point you will be prompted to enter a
username/password, e.g.:

gfsh>connect --locator=localhost[10334]
Connecting to Locator at [host=localhost, port=10334] ..
Connecting to Manager at [host=192.168.1.181, port=1099] ..
username: super-user
password: ****

On Tue, Nov 15, 2016 at 11:55 AM, Kirk Lund <kl...@apache.org> wrote:

> There should be redaction in gfsh history. Maybe repeating the command is a
> case that wasn't fully covered? This is a bug we'll need to file and fix.
>
> Clear text in process string is probably not a bug. Users should implement
> a callback to provide the password instead of providing it as a system
> property unless they're ok with it showing in the process string. This may
> need more documentation?
>
> The logs should not contain the clear text password and this would be a bug
> if it does.
>
> -Kirk
>
> On Tue, Nov 15, 2016 at 11:08 AM, Karen Miller <kmil...@apache.org> wrote:
>
> > When specifying user name and password to use as authentication credentials
> > with the gfsh start server command, the password is specified in the clear.
> > I've added a note in the documentation to point this out, but specifying a
> > password in this way leads to further ways the clear text password can be
> > seen.
> >
> > - gfsh history will repeat back the command with the password shown
> > - any user on the box can see the clear text password with 'ps'
> > - (haven't checked if this happens) logs may have the clear text password
> >
> > Is this an issue? The history is for a particular user, so not so bad.
> > Logs can use file system permissions to reduce access. But anyone with
> > access to the box can list the processes.
> >
> > Karen
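
Added example, not part of the original thread and not Geode project code: a shell check for the 'ps' exposure discussed above, which flags processes whose argument list carries a password and masks the value in its own report. The function names, the sample process lines and the -D property name are constructed assumptions; only the --password option comes from the thread.

```shell
#!/bin/sh
# Audit process argument lists for cleartext passwords.
# Input on stdin: lines in `ps -eo pid,user,args` format.
# Output: only the offending lines, with the secret replaced by ****
# so the audit report does not become another place the password leaks.
find_password_args() {
    # Matches --password=VALUE, --password VALUE and -D<name>password=VALUE.
    # The -D form is an assumed shape for a password passed as a JVM
    # system property; adjust the pattern to the property names in use.
    grep -E -- '(--password[= ]|-D[^ =]*password=)' |
    sed -E \
        -e 's/(--password[= ])[^ ]+/\1****/g' \
        -e 's/(-D[^ =]*password=)[^ ]+/\1****/g'
}

# Constructed sample input (not real process data).
sample_ps() {
    cat <<'EOF'
  PID USER     COMMAND
 4021 geode    java -cp app.jar ExampleLauncher start server1 --user=super-user --password=s3cret
 4022 geode    java -Dexample.security-password=hunter2 -cp app.jar Main
 4023 alice    vim notes.txt
EOF
}

# Demonstration on the constructed sample.
# For a live host: ps -eo pid,user,args | find_password_args
sample_ps | find_password_args
```

Any line this reports is readable by every local user who can list processes, so each hit is a candidate for moving the credential to an interactive prompt or a callback as suggested in the thread.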