[jira] [Commented] (CASSANDRA-17334) Pre hashed passwords in CQL

Mon, 21 Mar 2022 12:31:06 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510082#comment-17510082
 ] 

Andres de la Peña commented on CASSANDRA-17334:
-----------------------------------------------

It seems that a Jenkins run for the commit reverting the changes has hit an 
[unseen failure on 
{{org.apache.cassandra.db.ImportTest.testImportCorrupt-cdc}}|https://ci-cassandra.apache.org/job/Cassandra-trunk/1029/testReport/org.apache.cassandra.db/ImportTest/testImportCorrupt_cdc_4/].
 I very much doubt that the failure has anything to do with this ticket, and 
even less with the commit reverting to the initial state. I haven't been able 
to reproduce the failure with the test multiplexer.

> Pre hashed passwords in CQL
> ---------------------------
>
>                 Key: CASSANDRA-17334
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17334
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Authorization
>            Reporter: Berenguer Blasi
>            Assignee: Berenguer Blasi
>            Priority: Normal
>             Fix For: 4.1
>
>         Attachments: cqlsh.diff
>
>          Time Spent: 5h
>  Remaining Estimate: 0h
>
> As seen on CASSANDRA-16801 and friends we are working across the system with 
> plain text passwords. These can be unintentionally revealed by intermediate 
> systems. Allowing the use of hashed passwords should mitigate that. The idea 
> is to add a new option {{HASHED PASSWORD}} for {{CREATE/ALTER ROLE/USER}}. 
> Examples:
> {noformat}
> CREATE ROLE foo WITH login = true AND hashed password = 
> '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
> ALTER ROLE foo WITH hashed password = 
> '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
> {noformat}
> To generate the password hash, there will be a new tool {{hash_password}} in 
> resources/cassandra/bin
> Based on original works from [~snazy]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to