You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Bhargav Joshi (Jira)" <ji...@apache.org> on 2019/11/15 18:13:00 UTC
[jira] [Commented] (CASSANDRA-15278) User's password for
sstableloader tool is visible in ps command output.
[ https://issues.apache.org/jira/browse/CASSANDRA-15278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16975295#comment-16975295 ]
Bhargav Joshi commented on CASSANDRA-15278:
-------------------------------------------
In addition, sstableloader should be able to read username and password from cqlrshrc
> User's password for sstableloader tool is visible in ps command output.
> -----------------------------------------------------------------------
>
> Key: CASSANDRA-15278
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15278
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/bulk load
> Reporter: Niket Vilas Bagwe
> Priority: Normal
>
> As of now, the password is visible in ps auxww output to any of the system user if the command line utility for sstableloader is used. This seems to be a security flaw. There should be an alternate option to pass the user's password other than as a command line argument.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org