Karen Smoler Miller created GEODE-2119:
------------------------------------------
Summary: gfsh user and password visible in clear text
Key: GEODE-2119
URL: https://issues.apache.org/jira/browse/GEODE-2119
Project: Geode
Issue Type: Bug
Components: gfsh
Reporter: Karen Smoler Miller
Both gfsh connect and gfsh start server allow the specification on the command
line of a user name and a password for use as credentials in authentication.
Clear text versions of the user name and password are then visible
1. if the user runs gfsh history
2. in historyfile, if the user runs gfsh history --file=historyfile
3. in the output of ps
It would be worth a check to see if clear text versions of the user or password
end up in any locator or server logs. I don't believe it does for gfsh
connect, but it might for the start server case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
