Posted to issues@geode.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/03/29 13:09:00 UTC
[jira] [Commented] (GEODE-4318) gfsh does not redact passwords from history if given without =
[ https://issues.apache.org/jira/browse/GEODE-4318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16804951#comment-16804951 ]
ASF subversion and git services commented on GEODE-4318:
--------------------------------------------------------
Commit a0e3a45d2664a74f21506de9be2f6402ce5e19cf in geode's branch refs/heads/develop from Jens Deppe
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=a0e3a45 ]
GEODE-4318: Ensure that passwords are correctly redacted in the gfsh history file (#3372)
- Remove redact method in GfshHistory in favor of ArgumentRedactor.redact
Co-authored-by: Jens Deppe <jd...@pivotal.io>
Co-authored-by: Donal Evans <do...@gmail.com>
> gfsh does not redact passwords from history if given without =
> --------------------------------------------------------------
>
> Key: GEODE-4318
> URL: https://issues.apache.org/jira/browse/GEODE-4318
> Project: Geode
> Issue Type: Bug
> Components: gfsh, security
> Reporter: Patrick Rhomberg
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The {{ArgumentRedactor}} expects arguments in the form {{--option=value}} and detects what should be redacted based on {{option}}. However, when given as {{--option value}}, the terms {{option}} and {{value}} will be parsed separately and {{value}} will not be redacted.
> As a consequence, any {{gfsh}} command executed with {{[command] --user username --password myPassword}} will be visible in plaintext in command history.
> ----
> Update: Upon a quick investigation, it appears that this and GEODE-3452 both can be addressed by creating / overriding and redacting in {{GfshHistory}}'s implementation of {{jline.console.history.History::add}}.
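The parsing gap the issue describes, as an added example that is not Geode's code: a hypothetical redactor that matches only `--option=value`, beside one that also matches `--option value`. The class name, patterns, mask and the rule that an option is sensitive when its name contains "password" are assumptions, and the sample commands are constructed.

```java
import java.util.regex.Pattern;

// Hypothetical demo class; not Geode's ArgumentRedactor or GfshHistory.
public class HistoryRedactionDemo {
    static final String MASK = "********";

    // Assumption: an option is sensitive when its name contains "password".
    // Matches --option=value only, the form the issue says was expected.
    static final Pattern EQUALS_ONLY = Pattern.compile(
        "(--[\\w-]*password[\\w-]*=)(\"[^\"]*\"|\\S+)",
        Pattern.CASE_INSENSITIVE);

    // Also accepts whitespace between option and value. A token that starts
    // with "--" is treated as the next option, not as a value, so a bare
    // "--password" followed by another option is left untouched.
    static final Pattern EQUALS_OR_SPACE = Pattern.compile(
        "(--[\\w-]*password[\\w-]*(?:=|\\s+))(?!--)(\"[^\"]*\"|\\S+)",
        Pattern.CASE_INSENSITIVE);

    // Replace the value (group 2) with the mask, keeping the option (group 1).
    static String redact(Pattern pattern, String line) {
        return pattern.matcher(line).replaceAll("$1" + MASK);
    }

    public static void main(String[] args) {
        // Constructed sample commands, one per input form.
        String[] lines = {
            "connect --user=username --password=myPassword",
            "connect --user username --password myPassword",
            "connect --user username --password \"my pass word\"",
            "connect --password --user username"
        };
        for (String line : lines) {
            System.out.println("input:           " + line);
            // The space-separated forms pass through unchanged here,
            // which is how the plaintext reached the history file.
            System.out.println("equals only:     " + redact(EQUALS_ONLY, line));
            System.out.println("equals or space: " + redact(EQUALS_OR_SPACE, line));
            System.out.println();
        }
    }
}
```

Running the redaction at the single point where a line is written to history, as the issue's update suggests, means every input form passes through the same check.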