[
https://issues.apache.org/jira/browse/KNOX-2147?focusedWorklogId=359551&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-359551
]
ASF GitHub Bot logged work on KNOX-2147:
----------------------------------------
Author: ASF GitHub Bot
Created on: 13/Dec/19 17:58
Start Date: 13/Dec/19 17:58
Worklog Time Spent: 10m
Work Description: risdenk commented on pull request #217: KNOX-2147 -
Mask username/password in case we display call history and keep them safely (by
setting proper file permissions) in JSON file
URL: https://github.com/apache/knox/pull/217#discussion_r357762209
##########
File path:
gateway-shell/src/main/java/org/apache/knox/gateway/shell/table/JDBCKnoxShellTableBuilder.java
##########
@@ -107,15 +109,12 @@ public KnoxShellTable sql(String sql) throws
IOException, SQLException {
return this.table;
}
- public Connection createConnection() throws SQLException {
- Connection con = null;
- if (username != null && pass != null) {
- con = DriverManager.getConnection(connectionUrl, username, pass);
- }
- else {
- con = DriverManager.getConnection(connectionUrl);
+ private Connection createConnection() throws SQLException {
+ if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(pass)) {
Review comment:
should a `""` password be allowed? (I have no idea if that is valid)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 359551)
Time Spent: 20m (was: 10m)
> Keep username and password out of KnoxShellTableCallHistory
> ------------------------------------------------------------
>
> Key: KNOX-2147
> URL: https://issues.apache.org/jira/browse/KNOX-2147
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxShell
> Reporter: Larry McCay
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.4.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> In working on KNOX-2132, I couldn't actually get the call history to work and
> was therefore unable to make sure that the username and password params don't
> end up in the persisted history or at least not rendered in the listing.
> Either call history no longer works or I just don't know how to enable it.
> Tests don't seem to cover the actual AOP based capture but record hardcoded
> calls rather than actual table interactions. I also notice that the
> aspectjrt.jar isn't being placed in the lib dir for knoxshell which seems
> broken.
> So, first thing to do is ensure that call history is actually working and fix
> it if not. Then determine what to do about the username and password and
> persistence of call histories as the means for reconstituting a dataset. Do
> we build in a required login which would mean that the dataset rehydration
> would require a user interaction for login? Do we encrypt the credentials -
> if so, using what as a key and how to manage it? Do we just rely on file
> permissions?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
