Posted to issues@geode.apache.org by "Jens Deppe (JIRA)" <ji...@apache.org> on 2016/01/21 18:35:39 UTC

[jira] [Assigned] (GEODE-718) Gfsh history exposes passwords

     [ https://issues.apache.org/jira/browse/GEODE-718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jens Deppe reassigned GEODE-718:
--------------------------------

    Assignee: Jens Deppe

> Gfsh history exposes passwords
> ------------------------------
>
>                 Key: GEODE-718
>                 URL: https://issues.apache.org/jira/browse/GEODE-718
>             Project: Geode
>          Issue Type: Improvement
>          Components: management
>            Reporter: Jens Deppe
>            Assignee: Jens Deppe
>             Fix For: 1.0.0-incubating.M2
>
>
> When using the gfsh connect statement, the entire connect statement is getting logged in the gfsh history file, and it shows the password for the key store in clear text in the history file.
> Here is an example connect statement that is typically executed by an automation Linux script.
> {noformat}
> $ ./gfsh
>     _________________________     __
>    / _____/ ______/ ______/ /____/ /
>   / /  __/ /___  /_____  / _____  /
>  / /__/ / ____/  _____/ / /    / /
> /______/_/      /______/_/    /_/    v1.0.0-incubating-SNAPSHOT
> Monitor and Manage GemFire
> gfsh>connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire//conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
> Connecting to Locator at [host=vm-abcd, port=41111] ..
> Connecting to Manager at [host=vm-abcd, port=1099] ..
> Successfully connected to: [host=vm-abcd, port=1099]
> Cluster-101 gfsh>history
> 1 …
> 2 …
> 3 connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire/conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
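
One way to audit an existing history file for the exposure reported above and to mask the values before a line is written, as an added example that is not part of the original report and not Geode's own fix. The function names, the mask string and the sample history lines are assumptions constructed for illustration.

```python
import re

MASK = "********"  # assumed mask string, not taken from Geode

# Any gfsh-style option whose name ends in "password", followed by "=" and a
# bare, single-quoted or double-quoted value.
_PASSWORD_OPT = re.compile(
    r"""(?P<opt>--[\w-]*password)=(?P<val>"[^"]*"|'[^']*'|\S*)""",
    re.IGNORECASE,
)


def redact_history_line(line: str) -> str:
    """Return the line with every password option value replaced by MASK."""
    return _PASSWORD_OPT.sub(lambda m: f"{m.group('opt')}={MASK}", line)


def find_exposed(lines):
    """Return [(line_number, [option names])] for lines holding clear-text values."""
    findings = []
    for number, line in enumerate(lines, start=1):
        opts = [
            m.group("opt")
            for m in _PASSWORD_OPT.finditer(line)
            if m.group("val").strip("\"'") not in ("", MASK)
        ]
        if opts:
            findings.append((number, opts))
    return findings


# Constructed sample history, modelled on the connect statement in the report.
SAMPLE_HISTORY = [
    "list members",
    "connect --locator=vm-abcd[41111] --use-ssl=true "
    "--key-store=/var/gemfire/conf/keystore/tomcat.jks --key-store-password=blah-blah "
    "--trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah "
    "--protocols=TLSv1.2",
    'connect --user=admin --password="two words"',
]

if __name__ == "__main__":
    for number, opts in find_exposed(SAMPLE_HISTORY):
        print(f"line {number}: clear-text value for {', '.join(opts)}")
    for line in SAMPLE_HISTORY:
        print(redact_history_line(line))
```

Masking only protects lines written after the change; passwords already present in a history file should be treated as disclosed and rotated.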