[ 
https://issues.apache.org/jira/browse/CASSANDRA-12411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15412099#comment-15412099
 ] 

Robert Stupp commented on CASSANDRA-12411:
------------------------------------------

Question here is: how shall cqlsh detect that e.g. {{we23dwenvhe}} is a 
password? What I mean is, that {{CRETE USER foo WITH PASSWORD 'bar';}} contains 
a valid password - but there's a syntax error in it - so cqlsh would not know 
that {{bar}} is a password.

Passwords are just a special kind of sensitive information - and sensitive 
information could also be in DML statements.

IMO a better and more general improvement would be a cqlsh command to 
disable/enable recording of commands in the history - e.g. {{HISTORY 
OFF}}/{{HISTORY ON}}.

> Do not store passwords in .cassandra/cqlsh_history
> --------------------------------------------------
>
>                 Key: CASSANDRA-12411
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12411
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: jonathan lacefield
>
> This is a request to ensure that passwords are not stored in the 
> cqlsh_history file. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to