Posted to commits@cassandra.apache.org by "Stefan Miklosovic (Jira)" <ji...@apache.org> on 2021/05/15 07:08:00 UTC

[jira] [Comment Edited] (CASSANDRA-16669) Password obfuscation for DCL audit log statements

    [ https://issues.apache.org/jira/browse/CASSANDRA-16669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17344981#comment-17344981 ] 

Stefan Miklosovic edited comment on CASSANDRA-16669 at 5/15/21, 7:07 AM:
-------------------------------------------------------------------------

Hi [~sumanth.pasupuleti],

hit me if you want a reviewer / committer, I think I can manage to get this to trunk.


was (Author: stefan.miklosovic):
Hi [~sumanth.pasupuleti],

hit me if you want a reviewer, I think I can manage to get this to trunk.

> Password obfuscation for DCL audit log statements
> -------------------------------------------------
>
>                 Key: CASSANDRA-16669
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16669
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tool/auditlogging
>            Reporter: Vinay Chella
>            Assignee: Sumanth Pasupuleti
>            Priority: Normal
>              Labels: audit, security
>
> The goal of this JIRA is to obfuscate passwords or any sensitive information from DCL audit log statements.
> Currently, Cassandra (version 4.0-rc1) logs query statements for any DCL ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users]) queries with passwords in plaintext format in audit log files.
> The current workaround to prevent plain text passwords from being logged in audit log files is either [excluding|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] DCL statements from auditing or excluding the user who is creating these roles from auditing.
> It would be ideal for Cassandra to provide an option or default to obfuscate passwords or any sensitive information from DCL audit log statements.
> Sample audit logs with DCL queries:
> {code:sh}
> Type: audit
> LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE new_role;
> Type: audit
> LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true;
> Type: audit
> LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't exist
> Type: audit
> LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true;
> Type: audit
> LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;
> {code}
> It is also ideal to document this workaround or assumption in the Cassandra audit log documentation until we close this JIRA.
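One way to mask the password literal before the operation field reaches the audit log, added here as an illustration and not Cassandra's own implementation (the regex, function names and the `'*******'` mask are my choices). It keys on the CQL `PASSWORD` keyword, consumes the whole single-quoted literal including CQL's doubled-quote escaping, and touches only the `operation:` field of the LogMessage lines quoted above, so the remaining fields stay intact for correlation.

```python
import re

# CQL password literals in DCL statements, e.g.
#   CREATE ROLE alice WITH PASSWORD = 'secret' AND LOGIN = true;
#   CREATE USER bob WITH PASSWORD 'secret' SUPERUSER;
# A CQL string literal is single-quoted and an embedded quote is doubled (''),
# so the whole literal is consumed even if it contains quotes or the word
# PASSWORD itself. The keyword match is case-insensitive.
_PASSWORD_LITERAL = re.compile(r"(?i)(\bPASSWORD\b\s*=?\s*)'(?:[^']|'')*'")

# Fixed-width mask: a length-preserving mask would still leak password length.
REDACTED = "'*******'"

def obfuscate_dcl(statement: str) -> str:
    """Replace every password literal in a CQL statement with REDACTED."""
    return _PASSWORD_LITERAL.sub(lambda m: m.group(1) + REDACTED, statement)

def obfuscate_audit_entry(entry: str) -> str:
    """Redact only the 'operation:' field of a pipe-delimited audit LogMessage,
    leaving user, host, source, timestamp, type and category intact."""
    marker = "operation:"
    idx = entry.find(marker)
    if idx == -1:          # not a query entry; nothing to redact
        return entry
    split = idx + len(marker)
    return entry[:split] + obfuscate_dcl(entry[split:])

# Constructed sample entries, copied from the LogMessage lines of the issue.
SAMPLE_ENTRIES = [
    "user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908"
    "|timestamp:1620190505313|type:CREATE_ROLE|category:DCL"
    "|operation:CREATE ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true;",
    "user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908"
    "|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR"
    "|operation:ALTER ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;;"
    " bob doesn't exist",
]

def redact_entries(entries):
    """Return the entries with every password literal masked."""
    return [obfuscate_audit_entry(e) for e in entries]

if __name__ == "__main__":
    for line in redact_entries(SAMPLE_ENTRIES):
        print(line)
```

Note that the REQUEST_FAILURE entry is redacted too: the failed ALTER ROLE still carries the plaintext password in the operation field, so error-category entries need the same treatment as DCL-category ones.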



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
