You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geode.apache.org by "Kevin Duling (JIRA)" <ji...@apache.org> on 2016/12/07 18:08:59 UTC

[jira] [Commented] (GEODE-2119) gfsh user and password visible in clear text

    [ https://issues.apache.org/jira/browse/GEODE-2119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15729433#comment-15729433 ] 

Kevin Duling commented on GEODE-2119:
-------------------------------------

I've tested the scenarios listed above and found:

# History is redacted.
{code}
   / _____/ ______/ ______/ /____/ /
  / /  __/ /___  /_____  / _____  / 
 / /__/ / ____/  _____/ / /    / /  
/______/_/      /______/_/    /_/    1.1.0-SNAPSHOT

Monitor and Manage Apache Geode (incubating)
gfsh>history
  1  0: start locator --name=loc-sec --classpath=/Users/kduling/foo --properties-file=./gemfire.properties
  2  1: quit
  3  2: start locator --name=loc-sec --classpath=/Users/kduling/foo --security-properties-file=./security.properties
  4  3: connect connect --locator=pdx2-office-dhcp9.eng.vmware.com[10334]
  5  4: quit
  6  5: start server --name=srv-sec --locators=pdx2-office-dhcp9.eng.vmware.com[10334] --user=admin --password=***** --classpath=/Users/kduling/foo
  7  6: quit
  8  7: start server --name=srv-sec2 --locators=pdx2-office-dhcp9.eng.vmware.com[10334] --user=admin --password=***** --classpath=/Users/kduling/foo
  9  8: start server --name=srv-sec2 --locators=pdx2-office-dhcp9.eng.vmware.com[10334] --user=admin --password=***** --classpath=/Users/kduling/foo --port=40405
 10  9: quit
 11  10: history
{code}
# Default gfsh_history file and a new one written with --file also is redacted.
# We can't prevent users from using the --password parameter as a command-line option, but we can recommend against it.  Other systems such as postgres, mysql, oracle, all suffer from this.

Made changes to suppress the password in the log file.


> gfsh user and password visible in clear text
> --------------------------------------------
>
>                 Key: GEODE-2119
>                 URL: https://issues.apache.org/jira/browse/GEODE-2119
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh
>            Reporter: Karen Smoler Miller
>            Assignee: Kevin Duling
>
> Both gfsh connect and gfsh start server allow the specification on the command line of a user name and a password for use as credentials in authentication.  Clear text versions of the user name and password are then visible
> 1. if the user runs gfsh history
> 2. in historyfile, if the user runs gfsh history --file=historyfile
> 3. in the output of ps
> It would be worth a check to see if clear text versions of the user or password end up in any locator or server logs.  I don't believe it does for gfsh connect, but it might for the start server case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)