bowensong commented on a change in pull request #1220:
URL: https://github.com/apache/cassandra/pull/1220#discussion_r721761204
##########
File path: bin/cqlsh.py
##########
@@ -2107,16 +2117,47 @@ def should_use_color():
return True
+def is_file_secure(filename):
+ if is_win:
+ # We simply cannot tell whether the file is seucre on Windows,
+ # because os.stat().st_uid is always 0 and os.stat().st_mode is
meaningless
+ return True
+
+ try:
+ st = os.stat(filename)
+ except OSError as e:
+ if e.errno != errno.ENOENT:
+ raise
+ return True # the file doesn't exists, the security of it is
irrelevant
+
+ uid = os.getuid()
+
+ # Skip enforcing the file owner and UID matching for the root user (uid ==
0).
+ # This is to allow "sudo cqlsh" to work with user owned credentials file.
+ return (uid == 0 or st.st_uid == uid) and stat.S_IMODE(st.st_mode) &
(stat.S_IRGRP | stat.S_IROTH) == 0
+
+
def read_options(cmdlineargs, environment):
configs = configparser.SafeConfigParser() if sys.version_info < (3, 2)
else configparser.ConfigParser()
configs.read(CONFIG_FILE)
rawconfigs = configparser.RawConfigParser()
rawconfigs.read(CONFIG_FILE)
+ username_from_cqlshrc = option_with_default(configs.get, 'authentication',
'username')
+ password_from_cqlshrc = option_with_default(rawconfigs.get,
'authentication', 'password')
+ if username_from_cqlshrc or password_from_cqlshrc:
+ if password_from_cqlshrc and not is_file_secure(CONFIG_FILE):
+ print("\nWarning: Password is found in an insecure cqlshrc file.
The file is owned or readable by other users on the system.",
+ end='', file=sys.stderr)
+ print("\nNotice: Credentials in the cqlshrc file is deprecated and
will be ignored in the future."
+ "\nPlease use a credentials file to specify the username and
password.\n", file=sys.stderr)
Review comment:
Keep in mind that doesn't make any sense for a Windows user. Also an
inexperienced user would have no way to know the file format. I believe the
better approach is to let the user RTFM, either implicitly, like what it is
right now, or explicitly, such as showing a link to the documentation or just
copy
& paste the relevant content from the documentation to the notification
message.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
