[
https://issues.apache.org/jira/browse/CASSANDRA-16801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480707#comment-17480707
]
Ekaterina Dimitrova commented on CASSANDRA-16801:
-------------------------------------------------
{quote}Latest
[commit|https://github.com/apache/cassandra/pull/1293/commits/25aa6bd8c951a1824ba56fdbc729243f49fc08c5]should
address that?
{quote}
I would probably do it as a Note or Warning (I think we use Note in our docs
normally) but otherwise looks ok to me.
I left a few tiny formatting suggestions on the 4.0 PR. Those can be addressed
on commit. I am +1 on final "green" CI, thanks :)
> PasswordObfuscator should not assume PASSWORD is the last item in the WITH
> clause
> ---------------------------------------------------------------------------------
>
> Key: CASSANDRA-16801
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16801
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/auditlogging
> Reporter: Caleb Rackliffe
> Assignee: Berenguer Blasi
> Priority: Normal
> Fix For: 4.0.x, 4.x
>
>
> CASSANDRA-16669 introduced support for obfuscating passwords for audit log
> statements, but there are a few cases where the obfuscation logic can destroy
> some of the contents of the original/provided string.
> ex. This is perfectly valid...
> {noformat}
> WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false
> {noformat}
> ...but calling obfuscate() on it will produce...
> {noformat}
> WITH LOGIN = false AND PASSWORD *******
> {noformat}
> -We should be able to create a reasonable RegEx and use String#replaceAll()
> to both simplify and correct PasswordObfuscator#obfuscate().-
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
