You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Robert Stupp (JIRA)" <ji...@apache.org> on 2016/08/08 17:16:20 UTC

[jira] [Commented] (CASSANDRA-12411) Do not store passwords in .cassandra/cqlsh_history

    [ https://issues.apache.org/jira/browse/CASSANDRA-12411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412099#comment-15412099 ] 

Robert Stupp commented on CASSANDRA-12411:
------------------------------------------

Question here is: how shall cqlsh detect that e.g. {{we23dwenvhe}} is a password? What I mean is, that {{CRETE USER foo WITH PASSWORD 'bar';}} contains a valid password - but there's a syntax error in it - so cqlsh would not know that {{bar}} is a password.

Passwords are just a special kind of sensitive information - and sensitive information could also be in DML statements.

IMO a better and more general improvement would be a cqlsh command to disable/enable recording of commands in the history - e.g. {{HISTORY OFF}}/{{HISTORY ON}}.

> Do not store passwords in .cassandra/cqlsh_history
> --------------------------------------------------
>
>                 Key: CASSANDRA-12411
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12411
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: jonathan lacefield
>
> This is a request to ensure that passwords are not stored in the cqlsh_history file. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)