When specifying user name and password to use as authentication credentials
with the gfsh start server command, the password is specified in the clear.
I've added a note in the documentation to point this out, but specifying a
password in this way leads to further ways the clear text password can be
seen.

- gfsh history will repeat back the command with the password shown
- any user on the box can see the clear text password with 'ps'
- (haven't checked if this happens) logs may have the clear text password

Is this an issue?  The history is for a particular user, so not so bad.
Logs can use file system permissions to reduce access.  But anyone with
access to the box can list the processes.

Karen
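
An audit check for the 'ps' exposure described in the message above, as an added example that is not part of the original message or of the project's code: it flags password-style options in process argument lists and reports them with the value redacted. The sample command line is constructed, and the `--user`/`--password` spellings in it are assumptions for illustration.

```python
import os
import re

# Option names that suggest a secret: "--password=value" or "--password value".
SECRET_OPT = re.compile(
    r"^(--?[\w.-]*(?:password|passwd|secret)[\w.-]*)(?:=(.*))?$", re.I)

def find_cleartext_secrets(argv):
    """Return (options_found, redacted_argv) for one process argument list."""
    found, redacted, i = [], list(argv), 0
    while i < len(argv):
        m = SECRET_OPT.match(argv[i])
        if m:
            opt, val = m.group(1), m.group(2)
            if val:                                   # --password=value
                redacted[i] = opt + "=****"
                found.append(opt)
            elif val is None and i + 1 < len(argv) \
                    and not argv[i + 1].startswith("-"):
                redacted[i + 1] = "****"              # --password value
                found.append(opt)
                i += 1
        i += 1
    return found, redacted

def scan_proc(proc_root="/proc"):
    """Linux only: check every readable process; returns {pid: (opts, argv)}."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as f:
                raw = f.read().decode("utf-8", "replace")
        except OSError:
            continue                                  # exited or unreadable
        opts, argv = find_cleartext_secrets(raw.rstrip("\0").split("\0"))
        if opts:
            results[int(entry)] = (opts, argv)
    return results

# Constructed sample; option spellings are assumed, the secret is made up.
SAMPLE_ARGV = ["gfsh", "start", "server", "--name=server1",
               "--user=admin", "--password=constructed-secret"]

if __name__ == "__main__":
    print(find_cleartext_secrets(SAMPLE_ARGV))
    if os.path.isdir("/proc"):
        for pid, (opts, argv) in sorted(scan_proc().items()):
            print(pid, opts, " ".join(argv))
```

Run as an unprivileged user, `scan_proc()` shows what any account on the box can see; findings never include the secret value itself.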
