You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Niket Vilas Bagwe (JIRA)" <ji...@apache.org> on 2019/08/14 05:45:00 UTC
[jira] [Created] (CASSANDRA-15278) User's password for
sstableloader tool is visible in ps command output.
Niket Vilas Bagwe created CASSANDRA-15278:
---------------------------------------------
Summary: User's password for sstableloader tool is visible in ps command output.
Key: CASSANDRA-15278
URL: https://issues.apache.org/jira/browse/CASSANDRA-15278
Project: Cassandra
Issue Type: Bug
Components: Tool/bulk load
Reporter: Niket Vilas Bagwe
As of now, the password is visible in ps auxww output to any of the system user if the command line utility for sstableloader is used. This seems to be a security flaw. There should be an alternate option to pass the user's password other than as a command line argument.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org