Posted to commits@cassandra.apache.org by "Vinay Chella (Jira)" <ji...@apache.org> on 2021/05/15 01:45:00 UTC

[jira] [Created] (CASSANDRA-16669) Password obfuscation for DCL audit log statements

Vinay Chella created CASSANDRA-16669:
----------------------------------------

             Summary: Password obfuscation for DCL audit log statements
                 Key: CASSANDRA-16669
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16669
             Project: Cassandra
          Issue Type: Improvement
          Components: Tool/auditlogging
            Reporter: Vinay Chella


The goal of this JIRA is to obfuscate passwords or any sensitive information from DCL audit log statements.

Currently, Cassandra (version 4.0-rc1) logs query statements for any DCL ([ROLE|https://cassandra.apache.org/doc/latest/cql/security.html#database-roles] and [USER|https://cassandra.apache.org/doc/latest/cql/security.html#users]) queries with passwords in plaintext format in audit log files.

Workaround to avoid plaintext passwords being logged in audit log files: either [exclude|https://cassandra.apache.org/doc/latest/operating/audit_logging.html#options] DCL statements from auditing, or exclude the user who is creating these roles from auditing.

It would be ideal for Cassandra to provide an option, or a default, to obfuscate passwords or any other sensitive information in DCL audit log statements.

Sample audit logs with DCL queries


{code:sh}
Type: audit
LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190499676|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE new_role;
Type: audit
LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190505313|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true;
Type: audit
LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190519521|type:REQUEST_FAILURE|category:ERROR|operation:ALTER ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;; bob doesn't exist
Type: audit
LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190525376|type:CREATE_ROLE|category:DCL|operation:CREATE ROLE bob WITH PASSWORD = 'password_b' AND LOGIN = true AND SUPERUSER = true;
Type: audit
LogMessage: user:cassandra|host:localhost/127.0.0.1:7000|source:/127.0.0.1|port:51908|timestamp:1620190532462|type:ALTER_ROLE|category:DCL|operation:ALTER ROLE bob WITH PASSWORD = 'PASSWORD_B' AND SUPERUSER = false;
{code}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org