You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Barbara Pruijn (JIRA)" <ji...@apache.org> on 2018/03/01 19:26:00 UTC
[jira] [Updated] (GEODE-4318) gfsh does not redact passwords from
history if given without =
[ https://issues.apache.org/jira/browse/GEODE-4318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Barbara Pruijn updated GEODE-4318:
----------------------------------
Component/s: gfsh
> gfsh does not redact passwords from history if given without =
> --------------------------------------------------------------
>
> Key: GEODE-4318
> URL: https://issues.apache.org/jira/browse/GEODE-4318
> Project: Geode
> Issue Type: Bug
> Components: gfsh, security
> Reporter: Patrick Rhomberg
> Priority: Major
>
> The {{ArgumentRedactor}} expects arguments in the form {{--option=value}} and detects what should be redacted based on {{option}}. However, when given as {{--option value}}, the terms {{option}} and {{value}} will be parsed separately and {{value}} will not be redacted.
> As a consequence, any {{gfsh}} command executed with {{[command] --user username --password myPassword}} will be visible in plaintext in command history.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)