grainier opened a new issue, #2943: URL: https://github.com/apache/iggy/issues/2943
Add an integration test that verifies plaintext passwords and raw PAT values are never written to disk. Currently, hashing before persistence is a convention enforced in shard/execution.rs (calling crypto::hash_password before state.apply()), but there's no compile-time enforcement or runtime verification. **Proposed Test** 1. Create a user with a known password 2. Create a personal access token 3. Shut down the server (flush all state to disk) 4. Scan all files under local_data for the plaintext password and raw PAT value 5. Assert neither appears anywhere on disk A simple content grep across all persisted files should be sufficient. **Motivation** This came up during #2728 (SecretString migration). The SecretString wrapper prevents accidental leaks in logs and debug output, but doesn't guarantee the persistence layer always hashes before writing. A grep-based regression test would catch it if someone ever bypasses crypto::hash_password before state.apply(). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
