[
https://issues.apache.org/jira/browse/CASSANDRA-16983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17420723#comment-17420723
]
Bowen Song edited comment on CASSANDRA-16983 at 9/27/21, 1:15 PM:
------------------------------------------------------------------
I have installed `ant` and built the JAR files:
{noformat}
$ ant realclean && ant jar
......
_build-test:
[javac] Compiling 1034 source files to
/home/user/cassandra_fork/build/test/classes
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[copy] Copying 27 files to /home/user/cassandra_fork/build/test/classes
jar:
[mkdir] Created dir: /home/user/cassandra_fork/build/classes/stress/META-INF
[mkdir] Created dir: /home/user/cassandra_fork/build/tools/lib
[jar] Building jar: /home/user/cassandra_fork/build/tools/lib/stress.jar
[mkdir] Created dir:
/home/user/cassandra_fork/build/classes/fqltool/META-INF
[jar] Building jar: /home/user/cassandra_fork/build/tools/lib/fqltool.jar
BUILD SUCCESSFUL
Total time: 50 seconds
{noformat}
However, the dtests are still failing. Any idea how to troubleshoot it?
BTW, I didn't wait for it to complete this time, because the tests are all
failing anyway...
{noformat}
auditlog_test.py FFFFF
[ 0%]
auth_join_ring_false_test.py FFFF
[ 0%]
auth_test.py
FFssFFFFsFFFFFFFFFFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEFFFFFFFFEEEEEE
[ 8%]
batch_test.py FFFFFFFFFFFFFFFFFFsssssss
[ 10%]
{noformat}
EDIT: never mind, I've figured it out. I have to set the JAVA_HOME env var,
even though `java` command is in $PATH, the tests won't use it unless JAVA_HOME
is set.
was (Author: bowen song):
I have installed `ant` and built the JAR files:
{noformat}
$ ant realclean && ant jar
......
_build-test:
[javac] Compiling 1034 source files to
/home/user/cassandra_fork/build/test/classes
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[copy] Copying 27 files to /home/user/cassandra_fork/build/test/classes
jar:
[mkdir] Created dir: /home/user/cassandra_fork/build/classes/stress/META-INF
[mkdir] Created dir: /home/user/cassandra_fork/build/tools/lib
[jar] Building jar: /home/user/cassandra_fork/build/tools/lib/stress.jar
[mkdir] Created dir:
/home/user/cassandra_fork/build/classes/fqltool/META-INF
[jar] Building jar: /home/user/cassandra_fork/build/tools/lib/fqltool.jar
BUILD SUCCESSFUL
Total time: 50 seconds
{noformat}
However, the dtests are still failing. Any idea how to troubleshoot it?
BTW, I didn't wait for it to complete this time, because the tests are all
failing anyway...
{noformat}
auditlog_test.py FFFFF
[ 0%]
auth_join_ring_false_test.py FFFF
[ 0%]
auth_test.py
FFssFFFFsFFFFFFFFFFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEFFFFFFFFEEEEEE
[ 8%]
batch_test.py FFFFFFFFFFFFFFFFFFsssssss
[ 10%]
{noformat}
> Separating CQLSH credentials from the cqlshrc file
> --------------------------------------------------
>
> Key: CASSANDRA-16983
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16983
> Project: Cassandra
> Issue Type: Improvement
> Components: Tool/cqlsh
> Reporter: Bowen Song
> Assignee: Bowen Song
> Priority: Normal
> Labels: lhf
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Currently, the CQLSH tool accepts credentials (username & password) from the
> following 3 places:
> 1. the command line parameter "-p"
> 2. the cqlshrc file
> 3. prompt the user
> This is not ideal.
> Credentials in the command line is a security risk, because it could be see
> by other users on a shared system.
> The cqlshrc file is better, but still not good enough. Because the cqlshrc
> file is a config file, it's often acceptable to have it as a world readable
> file, and share it with other users. It also prevents user from having
> multiple sets of credentials, either for the same Cassandra cluster or
> different clusters.
> To improve the security of CQLSH and make it secure by design, I purpose the
> following changes:
> * Warn the user if a password is giving in the command line, and recommend
> them to use a credential file instead
> * Warn the user if credentials are present in the cqlshrc file and the
> cqlshrc file is not secure (e.g.: world readable or owned by a different user)
> * Deprecate credentials in the cqlshrc, and recommend the user to move them
> to a separate credential file. The aim is to not break anything at the
> moment, but eventually stop accepting credentials from the cqlshrc file.
> * Reject the credentials file if it's not secure, and tell the user how to
> secure it. Optionally, prompt the user for password if it's an interactive
> session. (Think how does OpenSSH handle insecure credential files)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
