[ https://issues.apache.org/jira/browse/KNOX-2147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16990953#comment-16990953 ]
Larry McCay commented on KNOX-2147: ----------------------------------- Looks like maybe the runtime jar is shaded into the weaver jar or they were combined in this version. > Keep username and password out of KnoxShellTableCallHistory > ------------------------------------------------------------ > > Key: KNOX-2147 > URL: https://issues.apache.org/jira/browse/KNOX-2147 > Project: Apache Knox > Issue Type: Improvement > Reporter: Larry McCay > Assignee: Larry McCay > Priority: Major > Fix For: 1.4.0 > > > In working on KNOX-2132, I couldn't actually get the call history to work and > was therefore unable to make sure that the username and password params don't > end up in the persisted history or at least not rendered in the listing. > Either call history no longer works or I just don't know how to enable it. > Tests don't seem to cover the actual AOP based capture but record hardcoded > calls rather than actual table interactions. I also notice that the > aspectjrt.jar isn't being placed in the lib dir for knoxshell which seems > broken. > So, first thing to do is ensure that call history is actually working and fix > it if not. Then determine what to do about the username and password and > persistence of call histories as the means for reconstituting a dataset. Do > we build in a required login which would mean that the dataset rehydration > would require a user interaction for login? Do we encrypt the credentials - > if so, using what as a key and how to manage it? Do we just rely on file > permissions? > -- This message was sent by Atlassian Jira (v8.3.4#803005)