[ https://issues.apache.org/jira/browse/KNOX-2147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated KNOX-2147: ------------------------------ Component/s: KnoxShell > Keep username and password out of KnoxShellTableCallHistory > ------------------------------------------------------------ > > Key: KNOX-2147 > URL: https://issues.apache.org/jira/browse/KNOX-2147 > Project: Apache Knox > Issue Type: Improvement > Components: KnoxShell > Reporter: Larry McCay > Assignee: Larry McCay > Priority: Major > Fix For: 1.4.0 > > > In working on KNOX-2132, I couldn't actually get the call history to work and > was therefore unable to make sure that the username and password params don't > end up in the persisted history or at least not rendered in the listing. > Either call history no longer works or I just don't know how to enable it. > Tests don't seem to cover the actual AOP based capture but record hardcoded > calls rather than actual table interactions. I also notice that the > aspectjrt.jar isn't being placed in the lib dir for knoxshell which seems > broken. > So, first thing to do is ensure that call history is actually working and fix > it if not. Then determine what to do about the username and password and > persistence of call histories as the means for reconstituting a dataset. Do > we build in a required login which would mean that the dataset rehydration > would require a user interaction for login? Do we encrypt the credentials - > if so, using what as a key and how to manage it? Do we just rely on file > permissions? > -- This message was sent by Atlassian Jira (v8.3.4#803005)