[ 
https://issues.apache.org/jira/browse/KAFKA-4754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15872139#comment-15872139
 ] 

Grant Henke commented on KAFKA-4754:
------------------------------------

{quote}
This could expose the password to anyone who is able to run ps on the system, 
or look at the bash history. So I'm not sure that we should be concerned about 
the println
{quote}

I think its worth adding, just because 1 thing is wrong and a security hole 
,doesn't mean we shouldn't close of fix others. If security were all or nothing 
we would be left with nothing. Often application logs are passed around 
aggregated and collected. Access to a machine to run ps or look at the history 
is a much lower concern than that.

> Correctly parse '=' characters in command line overrides
> --------------------------------------------------------
>
>                 Key: KAFKA-4754
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4754
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.9.0.0
>            Reporter: Grant Henke
>            Assignee: Grant Henke
>
> When starting Kafka with an override parameter via "--override 
> my.parameter=myvalue".
> If a value contains an '=' character it fails and exits with "Invalid command 
> line properties:.."
> Often passwords contain an '=' character so its important to support that 
> value. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to