[GEODE-2119] gfsh user and password visible in clear text - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.0-incubating
Fix Version/s: 1.1.0
Component/s: gfsh
Labels:
None

Description

Both gfsh connect and gfsh start server allow the specification on the command line of a user name and a password for use as credentials in authentication. Clear text versions of the user name and password are then visible
1. if the user runs gfsh history
2. in historyfile, if the user runs gfsh history --file=historyfile
3. in the output of ps

It would be worth a check to see if clear text versions of the user or password end up in any locator or server logs. I don't believe it does for gfsh connect, but it might for the start server case.

Attachments

Issue Links

links to

GitHub Pull Request #311

Sub-Tasks

Verify no clear-text passwords in documentation

Closed

Joey McAllister

Activity

People

Assignee:: Kevin Duling

Reporter:: Karen Smoler Miller

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 16/Nov/16 23:00

Updated:: 09/Feb/17 22:43

Resolved:: 14/Dec/16 17:52