You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Brandon Williams (JIRA)" <ji...@apache.org> on 2013/10/31 21:26:19 UTC

[jira] [Commented] (CASSANDRA-6279) command-line tool shouldn't require password

    [ https://issues.apache.org/jira/browse/CASSANDRA-6279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13810658#comment-13810658 ] 

Brandon Williams commented on CASSANDRA-6279:
---------------------------------------------

I think if you're fancy enough to be using auth, you're fancy enough to use your own client (or at least cqlsh instead.)  Any kind of arg erasing or password input isn't really worth the effort in the cli at this point.

> command-line tool shouldn't require password
> --------------------------------------------
>
>                 Key: CASSANDRA-6279
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6279
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Peter Halliday
>            Priority: Minor
>
> If you use nodetool and cassandra-cli, and have Thrift authentication, then you are required to pass in the password on the command-line.  This is a potential security issue.  For those that choose to do so, that's fine.  However, ideally, there would be a method of not doing that, which would prompt you to enter a password.  Understanding that no method is complete "secure", this would be certainly more so.



--
This message was sent by Atlassian JIRA
(v6.1#6144)