Thanks for find these Karen, Can you please file a JIRA for this issue? On Tue, Nov 15, 2016 at 5:29 PM, Karen Miller <kmil...@pivotal.io> wrote:
> Also, when doing a gfsh connect (not just start server) that specifies user > and password > on the command line, if a further command of > gfsh history --file=historyfilename > is executed, the user and password are written in clear text to the history > file. > > > On Tue, Nov 15, 2016 at 12:31 PM, Jinmei Liao <jil...@pivotal.io> wrote: > > > I thought we had code that deals with redacting password in gfsh history, > > not sure why it's not in effect anymore. > > > > On Tue, Nov 15, 2016 at 2:27 PM, Swapnil Bawaskar <sbawas...@pivotal.io> > > wrote: > > > > > When you want to connect to a secure system you can choose not to use > the > > > --password option at which point you will be prompted to enter a > > > username/password. > > > e.g: > > > gfsh>connect --locator=localhost[10334] > > > Connecting to Locator at [host=localhost, port=10334] .. > > > Connecting to Manager at [host=192.168.1.181, port=1099] .. > > > username: super-user > > > password: **** > > > > > > > > > On Tue, Nov 15, 2016 at 11:55 AM, Kirk Lund <kl...@apache.org> wrote: > > > > > > > There should be redaction in gfsh history. Maybe repeating the > command > > > is a > > > > case that wasn't fully covered? This is a bug we'll need to file and > > fix. > > > > > > > > Clear text in process string is probably not a bug. Users should > > > implement > > > > a callback to provide the password instead of providing it as a > system > > > > property unless they're ok with it showing in the process string. > This > > > may > > > > need more documentation? > > > > > > > > The logs should not contain the clear text password and this would > be a > > > bug > > > > if it does. > > > > > > > > -Kirk > > > > > > > > > > > > On Tue, Nov 15, 2016 at 11:08 AM, Karen Miller <kmil...@apache.org> > > > wrote: > > > > > > > > > When specifying user name and password to use as authentication > > > > credentials > > > > > with the gfsh start server command, the password is specified in > the > > > > clear. > > > > > I've added a note in the documentation to point this out, but > > > specifying > > > > a > > > > > password > > > > > in this way leads to further ways the clear text password can be > > seen. > > > > > > > > > > - gfsh history will repeat back the command with the password shown > > > > > - any user on the box can see the clear text password with 'ps' > > > > > - (haven't checked if this happens) logs may have the clear text > > > password > > > > > > > > > > Is this an issue? The history is for a particular user, so not so > > bad. > > > > > Logs can use file system permissions to reduce access. But anyone > > with > > > > > access to the box can list the processes. > > > > > > > > > > Karen > > > > > > > > > > > > > > > > > > > > -- > > Cheers > > > > Jinmei > > >
