You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "C. Scott Andreas (JIRA)" <ji...@apache.org> on 2018/11/19 02:14:00 UTC
[jira] [Updated] (CASSANDRA-12547) Privacy Violation
[ https://issues.apache.org/jira/browse/CASSANDRA-12547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
C. Scott Andreas updated CASSANDRA-12547:
-----------------------------------------
Component/s: Compaction
> Privacy Violation
> -----------------
>
> Key: CASSANDRA-12547
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12547
> Project: Cassandra
> Issue Type: Sub-task
> Components: Compaction
> Reporter: Eduardo Aguinaga
> Priority: Trivial
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.
> Issue:
> In the file GetCompactionThreshold.java on line 46 the method execute() mishandles sensitive information. Sensitive information should be handled carefully to avoid divulging it to unauthorized parties.
> {code:java}
> GetCompactionThreshold.java, lines 44-47:
> 44 ColumnFamilyStoreMBean cfsProxy = probe.getCfsProxy(ks, cf);
> 45 System.out.println("Current compaction thresholds for " + ks + "/" + cf + ": \n" +
> 46 " min = " + cfsProxy.getMinimumCompactionThreshold() + ", " +
> 47 " max = " + cfsProxy.getMaximumCompactionThreshold());
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org