You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Barbara Pruijn (JIRA)" <ji...@apache.org> on 2018/03/01 19:26:00 UTC

[jira] [Updated] (GEODE-4318) gfsh does not redact passwords from history if given without =

     [ https://issues.apache.org/jira/browse/GEODE-4318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Barbara Pruijn updated GEODE-4318:
----------------------------------
    Component/s: gfsh

> gfsh does not redact passwords from history if given without =
> --------------------------------------------------------------
>
>                 Key: GEODE-4318
>                 URL: https://issues.apache.org/jira/browse/GEODE-4318
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh, security
>            Reporter: Patrick Rhomberg
>            Priority: Major
>
> The {{ArgumentRedactor}} expects arguments in the form {{--option=value}} and detects what should be redacted based on {{option}}.  However, when given as {{--option value}}, the terms {{option}} and {{value}} will be parsed separately and {{value}} will not be redacted.
> As a consequence, any {{gfsh}} command executed with {{[command] --user username --password myPassword}} will be visible in plaintext in command history.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)