[ https://issues.apache.org/jira/browse/CASSANDRA-12547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
C. Scott Andreas updated CASSANDRA-12547: ----------------------------------------- Component/s: Compaction > Privacy Violation > ----------------- > > Key: CASSANDRA-12547 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12547 > Project: Cassandra > Issue Type: Sub-task > Components: Compaction > Reporter: Eduardo Aguinaga > Priority: Trivial > > Overview: > In May through June of 2016 a static analysis was performed on version 3.0.5 > of the Cassandra source code. The analysis included an automated analysis > using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools > Understand v4. The results of that analysis includes the issue below. > Issue: > In the file GetCompactionThreshold.java on line 46 the method execute() > mishandles sensitive information. Sensitive information should be handled > carefully to avoid divulging it to unauthorized parties. > {code:java} > GetCompactionThreshold.java, lines 44-47: > 44 ColumnFamilyStoreMBean cfsProxy = probe.getCfsProxy(ks, cf); > 45 System.out.println("Current compaction thresholds for " + ks + "/" + cf + > ": \n" + > 46 " min = " + cfsProxy.getMinimumCompactionThreshold() + ", " + > 47 " max = " + cfsProxy.getMaximumCompactionThreshold()); > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org