[jira] [Comment Edited] (CASSANDRA-16801) PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause

Fri, 29 Oct 2021 00:36:08 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17435823#comment-17435823
 ] 

Stefan Miklosovic edited comment on CASSANDRA-16801 at 10/29/21, 7:35 AM:
--------------------------------------------------------------------------

It would be ideal to see a progress towards antlr solution. Due to the 
complexity of this seemingly easy task and being short of time to do that 
before 4.0.0 we just went with solution Brandon mentioned. This "brutal" 
approach of deleting everything after PASSWORD was done on purpose.


was (Author: stefan.miklosovic):
It would be ideal to see a progress towards antlr solution. Due to the 
complexity of this seemingly easy task and being short of time to do that 
before 4.0.0 we just went with solution Brandon mentioned.

> PasswordObfuscator should not assume PASSWORD is the last item in the WITH 
> clause
> ---------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-16801
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16801
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/auditlogging
>            Reporter: Caleb Rackliffe
>            Assignee: Berenguer Blasi
>            Priority: Normal
>             Fix For: 4.0.x, 4.x
>
>
> CASSANDRA-16669 introduced support for obfuscating passwords for audit log 
> statements, but there are a few cases where the obfuscation logic can destroy 
> some of the contents of the original/provided string.
> ex. This is perfectly valid...
> {noformat}
> WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false
> {noformat}
> ...but calling obfuscate() on it will produce...
> {noformat}
> WITH LOGIN = false AND PASSWORD *******
> {noformat}
> -We should be able to create a reasonable RegEx and use String#replaceAll() 
> to both simplify and correct PasswordObfuscator#obfuscate().-



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to