You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Robert Stupp (JIRA)" <ji...@apache.org> on 2016/08/08 17:16:20 UTC
[jira] [Commented] (CASSANDRA-12411) Do not store passwords in
.cassandra/cqlsh_history
[ https://issues.apache.org/jira/browse/CASSANDRA-12411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412099#comment-15412099 ]
Robert Stupp commented on CASSANDRA-12411:
------------------------------------------
Question here is: how shall cqlsh detect that e.g. {{we23dwenvhe}} is a password? What I mean is, that {{CRETE USER foo WITH PASSWORD 'bar';}} contains a valid password - but there's a syntax error in it - so cqlsh would not know that {{bar}} is a password.
Passwords are just a special kind of sensitive information - and sensitive information could also be in DML statements.
IMO a better and more general improvement would be a cqlsh command to disable/enable recording of commands in the history - e.g. {{HISTORY OFF}}/{{HISTORY ON}}.
> Do not store passwords in .cassandra/cqlsh_history
> --------------------------------------------------
>
> Key: CASSANDRA-12411
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12411
> Project: Cassandra
> Issue Type: Improvement
> Components: Core
> Reporter: jonathan lacefield
>
> This is a request to ensure that passwords are not stored in the cqlsh_history file.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)