You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Niket Vilas Bagwe (JIRA)" <ji...@apache.org> on 2019/08/14 05:45:00 UTC

[jira] [Created] (CASSANDRA-15278) User's password for sstableloader tool is visible in ps command output.

Niket Vilas Bagwe created CASSANDRA-15278:
---------------------------------------------

             Summary: User's password for sstableloader tool is visible in ps command output.
                 Key: CASSANDRA-15278
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15278
             Project: Cassandra
          Issue Type: Bug
          Components: Tool/bulk load
            Reporter: Niket Vilas Bagwe


As of now, the password is visible in ps auxww output to any of the system user if the command line utility for sstableloader is used. This seems to be a security flaw. There should be an alternate option to pass the user's password other than as a command line argument.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org