Done. See https://issues.apache.org/jira/browse/GEODE-2119 for my attempt at describing the issue in a JIRA ticket.
On Wed, Nov 16, 2016 at 11:09 AM, Swapnil Bawaskar <sbawas...@pivotal.io> wrote:
> Thanks for finding these, Karen. Can you please file a JIRA for this issue?
>
> On Tue, Nov 15, 2016 at 5:29 PM, Karen Miller <kmil...@pivotal.io> wrote:
>
> > Also, when doing a gfsh connect (not just start server) that specifies
> > user and password on the command line, if a further command of
> >
> >     gfsh history --file=historyfilename
> >
> > is executed, the user and password are written in clear text to the
> > history file.
> >
> >
> > On Tue, Nov 15, 2016 at 12:31 PM, Jinmei Liao <jil...@pivotal.io> wrote:
> >
> > > I thought we had code that deals with redacting the password in gfsh
> > > history; not sure why it's not in effect anymore.
> > >
> > > On Tue, Nov 15, 2016 at 2:27 PM, Swapnil Bawaskar <sbawas...@pivotal.io>
> > > wrote:
> > >
> > > > When you want to connect to a secure system you can choose not to use
> > > > the --password option, at which point you will be prompted to enter a
> > > > username/password.
> > > > e.g.:
> > > >
> > > >     gfsh>connect --locator=localhost[10334]
> > > >     Connecting to Locator at [host=localhost, port=10334] ..
> > > >     Connecting to Manager at [host=192.168.1.181, port=1099] ..
> > > >     username: super-user
> > > >     password: ****
> > > >
> > > >
> > > > On Tue, Nov 15, 2016 at 11:55 AM, Kirk Lund <kl...@apache.org> wrote:
> > > >
> > > > > There should be redaction in gfsh history. Maybe repeating the
> > > > > command is a case that wasn't fully covered? This is a bug we'll
> > > > > need to file and fix.
> > > > >
> > > > > Clear text in the process string is probably not a bug. Users should
> > > > > implement a callback to provide the password instead of providing it
> > > > > as a system property, unless they're OK with it showing in the
> > > > > process string. This may need more documentation?
> > > > >
> > > > > The logs should not contain the clear text password, and this would
> > > > > be a bug if they do.
> > > > >
> > > > > -Kirk
> > > > >
> > > > >
> > > > > On Tue, Nov 15, 2016 at 11:08 AM, Karen Miller <kmil...@apache.org>
> > > > > wrote:
> > > > >
> > > > > > When specifying a user name and password to use as authentication
> > > > > > credentials with the gfsh start server command, the password is
> > > > > > specified in the clear. I've added a note in the documentation to
> > > > > > point this out, but specifying a password in this way leads to
> > > > > > further ways the clear text password can be seen.
> > > > > >
> > > > > > - gfsh history will repeat back the command with the password shown
> > > > > > - any user on the box can see the clear text password with 'ps'
> > > > > > - (haven't checked if this happens) logs may have the clear text
> > > > > >   password
> > > > > >
> > > > > > Is this an issue? The history is for a particular user, so not so
> > > > > > bad. Logs can use file system permissions to reduce access. But
> > > > > > anyone with access to the box can list the processes.
> > > > > >
> > > > > > Karen
> > > > > >
> > >
> > > --
> > > Cheers
> > >
> > > Jinmei
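Two things in the thread are worth having in runnable form: Kirk's point that gfsh history should redact the password, and Karen's check that `gfsh history --file=...` still writes it in the clear. The Python below is an added example written for this page, not gfsh's own (Java) redaction code. It masks credential values in gfsh-style command lines and reports which lines of an existing history file still carry one. It assumes credentials arrive either as a long option (`--password=value` or `--password value`, the form discussed above) or as a JVM system property passed through `--J=-D...password=value`; the option names other than `--password`, the `gemfire.security-password` property name and the sample history lines are assumptions made for illustration.

```python
"""Redact gfsh-style command-line credentials before they reach a history file.

Added example for this thread, not gfsh's own redaction logic.  Assumes the
credential is passed as --password=value / --password value, or as a JVM
system property via --J=-D...password=value.
"""
import re
from typing import Iterable, List

# Long options whose values must never be stored.  "password" is the option
# discussed in the thread; the other names are assumptions, not a list taken
# from gfsh.
SENSITIVE_OPTIONS = (
    "password",
    "security-password",
    "key-store-password",
    "trust-store-password",
)

MASK = "********"

# --<opt>=<value> or --<opt> <value>; the value may be bare, single-quoted or
# double-quoted.  A value is never allowed to begin with "--", so an option
# that was given without a value does not swallow the option that follows it.
_OPTION_RE = re.compile(
    r"(?P<opt>--(?:%s))(?P<sep>=|[ \t]+)(?P<val>\"[^\"]*\"|'[^']*'|(?!--)\S+)"
    % "|".join(re.escape(o) for o in SENSITIVE_OPTIONS)
)

# -D<anything>password=<value>, e.g. a system property handed to the JVM as
# --J=-Dgemfire.security-password=...  (property name assumed for illustration).
_SYSPROP_RE = re.compile(
    r"(?P<opt>-D[\w.\-]*password)=(?P<val>\"[^\"]*\"|'[^']*'|\S+)"
)


def redact_command(command: str) -> str:
    """Return the command with every sensitive value replaced by MASK."""
    redacted = _OPTION_RE.sub(
        lambda m: m.group("opt") + m.group("sep") + MASK, command
    )
    redacted = _SYSPROP_RE.sub(lambda m: m.group("opt") + "=" + MASK, redacted)
    return redacted


def redact_history(lines: Iterable[str]) -> List[str]:
    """Redact each history line; lines without credentials pass through unchanged."""
    return [redact_command(line) for line in lines]


def find_leaks(lines: Iterable[str]) -> List[int]:
    """Zero-based indexes of history lines that still carry a clear-text credential.

    Run this over the file written by `gfsh history --file=...` to check
    whether redaction actually took effect.
    """
    return [i for i, line in enumerate(lines) if redact_command(line) != line]


# Constructed sample history, modelled on the commands mentioned in the thread;
# the credentials, host names and member name are made up.
SAMPLE_HISTORY = [
    "connect --locator=localhost[10334] --user=super-user --password=Secr3t!",
    "start server --name=server1 --user=super-user --password 'pa ss' "
    "--J=-Dgemfire.security-password=Secr3t!",
    "list members",
    "connect --locator=localhost[10334]",
]

if __name__ == "__main__":
    for idx in find_leaks(SAMPLE_HISTORY):
        print("leak in history line %d: %s" % (idx, SAMPLE_HISTORY[idx]))
    for line in redact_history(SAMPLE_HISTORY):
        print(line)
```

Redacting the history file only closes the exposure Jinmei and Kirk discuss; it does nothing about the `ps` exposure Karen raises, since the process argument list is visible to every user on the box regardless of what gfsh later writes to disk. That one is only avoided by leaving `--password` off the command line and answering the prompt, as in Swapnil's transcript above, or by supplying the password through a callback rather than a system property, as Kirk suggests.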