[
https://issues.apache.org/jira/browse/GEODE-4318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dick Cavender closed GEODE-4318.
--------------------------------
> gfsh does not redact passwords from history if given without =
> --------------------------------------------------------------
>
> Key: GEODE-4318
> URL: https://issues.apache.org/jira/browse/GEODE-4318
> Project: Geode
> Issue Type: Bug
> Components: gfsh, security
> Reporter: Patrick Rhomberg
> Priority: Major
> Fix For: 1.10.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> The {{ArgumentRedactor}} expects arguments in the form {{--option=value}} and
> detects what should be redacted based on {{option}}. However, when given as
> {{--option value}}, the terms {{option}} and {{value}} will be parsed
> separately and {{value}} will not be redacted.
> As a consequence, any {{gfsh}} command executed with {{[command] --user
> username --password myPassword}} will be visible in plaintext in command
> history.
> ----
> Update: Upon a quick investigation, it appears that this and GEODE-3452 both
> can be addressed by creating / overriding and redacting in {{GfshHistory}}'s
> implementation of {{jline.console.history.History::add}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
