Jens Deppe created GEODE-718:
--------------------------------

             Summary: Gfsh history exposes passwords
                 Key: GEODE-718
                 URL: https://issues.apache.org/jira/browse/GEODE-718
             Project: Geode
          Issue Type: Improvement
          Components: management
            Reporter: Jens Deppe


When using the gfsh connect statement, the entire connect statement is getting 
logged in the gfsh history file, and it shows the password for the key store in 
clear text in the history file.
Here is an example connect statement that is typically executed by an automation 
Linux script.
{noformat}
$ ./gfsh
    _________________________     __
   / _____/ ______/ ______/ /____/ /
  / /  __/ /___  /_____  / _____  /
 / /__/ / ____/  _____/ / /    / /
/______/_/      /______/_/    /_/    v1.0.0-incubating-SNAPSHOT

Monitor and Manage GemFire
gfsh>connect --locator=vm-abcd[41111] --use-ssl=true 
--key-store=/var/gemfire//conf/keystore/tomcat.jks 
--key-store-password=blah-blah 
--trust-store=/var/gemfire/conf/keystore/tomcat.jks 
--trust-store-password=blah-blah 
--ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
Connecting to Locator at [host=vm-abcd, port=41111] ..
Connecting to Manager at [host=vm-abcd, port=1099] ..
Successfully connected to: [host=vm-abcd, port=1099]
Cluster-101 gfsh>history
1 …
2 …
3 connect --locator=vm-d8c2-cb9d[41111] --use-ssl=true 
--key-store=/var/gemfire/conf/keystore/tomcat.jks 
--key-store-password=blah-blah 
--trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password= 
blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
{noformat}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
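
An added example, not part of the original report and not Geode's own code: a Python pass over gfsh history lines that reports and masks clear-text values of any option whose name ends in `password`, including the `--opt= value` form seen in the history output above. The mask string, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

MASK = "*****"  # constructed placeholder, not a value defined by gfsh

# Option name ending in "password", then "=", "= " or a space, then a quoted
# or bare value. (?!--) stops an empty value from swallowing the next option.
_PASSWORD_OPT = re.compile(
    r"""(?P<opt>--[\w-]*password)
        (?P<sep>\s*=\s*|\s+)(?!--)
        (?P<val>"[^"]*"|'[^']*'|\S+)""",
    re.IGNORECASE | re.VERBOSE,
)


def exposed_options(line):
    """Return names of password options whose value is still in clear text."""
    return [m.group("opt") for m in _PASSWORD_OPT.finditer(line)
            if m.group("val") != MASK]


def redact_line(line):
    """Replace every password option value with MASK, keeping the rest."""
    return _PASSWORD_OPT.sub(lambda m: m.group("opt") + m.group("sep") + MASK, line)


def scrub_history(lines):
    """Return (redacted_lines, findings); findings are (line_no, [options])."""
    findings = [(n, opts) for n, line in enumerate(lines, 1)
                if (opts := exposed_options(line))]
    return [redact_line(line) for line in lines], findings


# Constructed sample modelled on the session in the report above.
SAMPLE_HISTORY = [
    "list members",
    "connect --locator=vm-abcd[41111] --use-ssl=true "
    "--key-store=/var/gemfire/conf/keystore/tomcat.jks "
    "--key-store-password=blah-blah "
    "--trust-store=/var/gemfire/conf/keystore/tomcat.jks "
    "--trust-store-password= blah-blah --protocols=TLSv1.2",
    "connect --user=admin --password 'two words' --use-ssl=true",
]

if __name__ == "__main__":
    clean, hits = scrub_history(SAMPLE_HISTORY)
    for line_no, opts in hits:
        print(f"line {line_no}: clear-text value for {', '.join(opts)}")
    print("\n".join(clean))
```

Masking a history file after the fact does not undo the exposure; any password the scan reports should be treated as disclosed and rotated.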
