[ https://issues.apache.org/jira/browse/GEODE-2119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15707256#comment-15707256 ]
Diane Hardman commented on GEODE-2119: -------------------------------------- I just verified that when I start a server and add the --user=<user> and then get prompted for the password, the password I type in is displayed as '*'s, but the full text for the password still shows up in the server logfile. This does NOT seem to be the case with the locator log file. > gfsh user and password visible in clear text > -------------------------------------------- > > Key: GEODE-2119 > URL: https://issues.apache.org/jira/browse/GEODE-2119 > Project: Geode > Issue Type: Bug > Components: gfsh > Reporter: Karen Smoler Miller > > Both gfsh connect and gfsh start server allow the specification on the > command line of a user name and a password for use as credentials in > authentication. Clear text versions of the user name and password are then > visible > 1. if the user runs gfsh history > 2. in historyfile, if the user runs gfsh history --file=historyfile > 3. in the output of ps > It would be worth a check to see if clear text versions of the user or > password end up in any locator or server logs. I don't believe it does for > gfsh connect, but it might for the start server case. -- This message was sent by Atlassian JIRA (v6.3.4#6332)