You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "JC (JIRA)" <ji...@apache.org> on 2017/08/14 13:49:00 UTC

[jira] [Created] (CASSANDRA-13763) Trivial but potential security issue?

JC created CASSANDRA-13763:
------------------------------

             Summary: Trivial but potential security issue? 
                 Key: CASSANDRA-13763
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13763
             Project: Cassandra
          Issue Type: Bug
          Components: Tools
            Reporter: JC
            Priority: Trivial


Hi

In a recent github mirror, I've found the following line.
Path: tools/stress/src/org/apache/cassandra/stress/settings/SettingsMode.java

{code:java}
177         out.printf("  Password: %s%n", (password==null?password:"*suppressed    *"));
{code}

As the original password is intended to be masked as "*suppressed   *", I was wondering if showing "null" when the password is null is safe. This might not be an issue but I wanted to report just in case. Thanks!



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org