You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "JC (JIRA)" <ji...@apache.org> on 2017/08/14 13:49:00 UTC
[jira] [Created] (CASSANDRA-13763) Trivial but potential security
issue?
JC created CASSANDRA-13763:
------------------------------
Summary: Trivial but potential security issue?
Key: CASSANDRA-13763
URL: https://issues.apache.org/jira/browse/CASSANDRA-13763
Project: Cassandra
Issue Type: Bug
Components: Tools
Reporter: JC
Priority: Trivial
Hi
In a recent github mirror, I've found the following line.
Path: tools/stress/src/org/apache/cassandra/stress/settings/SettingsMode.java
{code:java}
177 out.printf(" Password: %s%n", (password==null?password:"*suppressed *"));
{code}
As the original password is intended to be masked as "*suppressed *", I was wondering if showing "null" when the password is null is safe. This might not be an issue but I wanted to report just in case. Thanks!
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org