You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Jens Deppe (JIRA)" <ji...@apache.org> on 2015/12/30 18:15:49 UTC
[jira] [Created] (GEODE-718) Gfsh history exposes passwords
Jens Deppe created GEODE-718:
--------------------------------
Summary: Gfsh history exposes passwords
Key: GEODE-718
URL: https://issues.apache.org/jira/browse/GEODE-718
Project: Geode
Issue Type: Improvement
Components: management
Reporter: Jens Deppe
When using gfsh connect statement, the entire connect statement is getting logged in the gfsh history file, and it shows the password for the key store in clear text in the history file.
Here is an example connect statement that is typically executed by a automation linux script.
{noformat}
$ ./gfsh
_________________________ __
/ _____/ ______/ ______/ /____/ /
/ / __/ /___ /_____ / _____ /
/ /__/ / ____/ _____/ / / / /
/______/_/ /______/_/ /_/ v1.0.0-incubating-SNAPSHOT
Monitor and Manage GemFire
gfsh>connect --locator=vm-abcd[41111] --use-ssl=true --key-store=/var/gemfire//conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
Connecting to Locator at [host=vm-abcd, port=41111] ..
Connecting to Manager at [host=vm-abcd, port=1099] ..
Successfully connected to: [host=vm-abcd, port=1099]
Cluster-101 gfsh>history
1 …
2 …
3 connect --locator=vm-d8c2-cb9d[41111] --use-ssl=true --key-store=/var/gemfire/conf/keystore/tomcat.jks --key-store-password=blah-blah --trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password= blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)