You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Vishy Kasar (JIRA)" <ji...@apache.org> on 2014/02/05 20:46:09 UTC
[jira] [Created] (CASSANDRA-6660) Make node tool command take a
password file
Vishy Kasar created CASSANDRA-6660:
--------------------------------------
Summary: Make node tool command take a password file
Key: CASSANDRA-6660
URL: https://issues.apache.org/jira/browse/CASSANDRA-6660
Project: Cassandra
Issue Type: Improvement
Reporter: Vishy Kasar
We are sending the jmx password in the clear to the node tool command in production. This is a security risk. Any one doing a 'ps' can see the clear password. Can we change the node tool command to also take a password file argument. This file will list the JMX user and passwords. Example below:
cat /cassandra/run/10003004.jmxpasswd
monitorRole abc
controlRole def
Based on the user name provided, node tool can pick up the right password.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)