Hi list,

During our internal evaluation of 4.0, we noticed that there are passwords in plaintext in audit logging (and in FQL). While I was going through CASSANDRA-12151, I noticed that the password obfuscation in these components was planned but never implemented; it was merged without it, probably just lost in the process.

There is an ongoing effort in CASSANDRA-16669 to fix this and we are almost there; it is a rather easy fix, but the question is: what is this actually supposed to be merged into? While I humbly think this is 4.0-worthy, the process we have, as far as I know, is that there should be only critical fixes in 4.0, so I guess this will go to 4.0.1, right? Or does this still qualify to go to 4.0? Where is that line?

The existing workaround is to exclude DCL statements from auditing, but in practice I can imagine that people notice this and exclude it only after the passwords have already been leaked, because they do not know in advance that they are not obfuscated.

Are we all on the same page that this should go to 4.0.x? I have made my peace with it; I just want to double-check that people are aware of this and that 4.0 will otherwise by default display passwords in audit logs in plain text.

One sub-question: do you think that FQL should _not_ obfuscate it? As it is meant to replay it all, replaying obfuscated passwords does not make a lot of sense, but on the other hand I am not sure we want to have them in the logs. What is your idea around this?

Regards
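To make the leak and the fix concrete, below is an added Python example (not code from the Cassandra project or from the CASSANDRA-16669 patch) that redacts the password literal from CQL DCL statements before they reach a log. The sample audit entries, their field layout and the `|`-separated format are constructed for illustration, not copied from a real Cassandra audit log; the regex assumes the CQL role/user syntax `PASSWORD = '...'` and `PASSWORD '...'`, where a single quote inside the literal is escaped by doubling it.

```python
import re

# Matches the password string literal in CQL role/user DCL statements, e.g.
#   CREATE ROLE alice WITH PASSWORD = 'secret' AND LOGIN = true
#   CREATE USER bob WITH PASSWORD 'hunter2' NOSUPERUSER
#   ALTER ROLE alice WITH PASSWORD = 'it''s new'
# The keyword must be followed directly by the literal (optionally via '='),
# so a column called "password" in a SELECT is left untouched.
_PASSWORD_RE = re.compile(
    r"(?P<prefix>\bPASSWORD\s*(?:=\s*)?)'(?:[^']|'')*'",
    re.IGNORECASE,
)

REDACTED = "'*******'"


def obfuscate_password(statement: str) -> str:
    """Return the statement with every password literal replaced by a mask."""
    return _PASSWORD_RE.sub(lambda m: m.group("prefix") + REDACTED, statement)


def contains_password(statement: str) -> bool:
    """True if the statement carries a password literal that would be logged."""
    return _PASSWORD_RE.search(statement) is not None


def redact_audit_entry(entry: str) -> str:
    """Redact the 'operation:' field of a constructed pipe-separated audit line.

    Only the operation field is rewritten; the other fields are kept verbatim.
    (Hypothetical layout: key:value pairs separated by '|'.)
    """
    fields = entry.split("|")
    out = []
    for field in fields:
        if field.startswith("operation:"):
            out.append("operation:" + obfuscate_password(field[len("operation:"):]))
        else:
            out.append(field)
    return "|".join(out)


# Constructed sample audit entries (not real log output).
SAMPLE_AUDIT_LOG = [
    "user:cassandra|source:/10.0.0.5|type:CREATE_ROLE|category:DCL|"
    "operation:CREATE ROLE alice WITH PASSWORD = 'secret' AND LOGIN = true",
    "user:cassandra|source:/10.0.0.5|type:ALTER_ROLE|category:DCL|"
    "operation:ALTER ROLE alice WITH PASSWORD = 'it''s new'",
    "user:alice|source:/10.0.0.7|type:SELECT|category:QUERY|"
    "operation:SELECT password FROM app.users WHERE name = 'bob'",
]


def redact_audit_log(entries):
    """Apply redaction to every entry; FQL replay would instead skip this step."""
    return [redact_audit_entry(e) for e in entries]


if __name__ == "__main__":
    for line in redact_audit_log(SAMPLE_AUDIT_LOG):
        print(line)
```

Only DCL statements with a literal password are rewritten; the `SELECT password ...` query is passed through unchanged because the regex requires a string literal right after the keyword. This is also the place where the FQL question from the mail surfaces: a replay log needs the original statement, so the same redaction cannot simply be reused there without breaking replay of role changes.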