[
https://issues.apache.org/jira/browse/GEODE-718?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jens Deppe updated GEODE-718:
-----------------------------
Description:
When using the gfsh connect statement, the entire connect statement is getting
logged in the gfsh history file, and it shows the password for the key store in
clear text in the history file.
Here is an example connect statement that is typically executed by an automation
Linux script.
{noformat}
$ ./gfsh
_________________________ __
/ _____/ ______/ ______/ /____/ /
/ / __/ /___ /_____ / _____ /
/ /__/ / ____/ _____/ / / / /
/______/_/ /______/_/ /_/ v1.0.0-incubating-SNAPSHOT
Monitor and Manage GemFire
gfsh>connect --locator=vm-abcd[41111] --use-ssl=true
--key-store=/var/gemfire//conf/keystore/tomcat.jks
--key-store-password=blah-blah
--trust-store=/var/gemfire/conf/keystore/tomcat.jks
--trust-store-password=blah-blah
--ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
Connecting to Locator at [host=vm-abcd, port=41111] ..
Connecting to Manager at [host=vm-abcd, port=1099] ..
Successfully connected to: [host=vm-abcd, port=1099]
Cluster-101 gfsh>history
1 …
2 …
3 connect --locator=vm-abcd[41111] --use-ssl=true
--key-store=/var/gemfire/conf/keystore/tomcat.jks
--key-store-password=blah-blah
--trust-store=/var/gemfire/conf/keystore/tomcat.jks
--trust-store-password=blah-blah
--ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
{noformat}
was:
When using the gfsh connect statement, the entire connect statement is getting
logged in the gfsh history file, and it shows the password for the key store in
clear text in the history file.
Here is an example connect statement that is typically executed by an automation
Linux script.
{noformat}
$ ./gfsh
_________________________ __
/ _____/ ______/ ______/ /____/ /
/ / __/ /___ /_____ / _____ /
/ /__/ / ____/ _____/ / / / /
/______/_/ /______/_/ /_/ v1.0.0-incubating-SNAPSHOT
Monitor and Manage GemFire
gfsh>connect --locator=vm-abcd[41111] --use-ssl=true
--key-store=/var/gemfire//conf/keystore/tomcat.jks
--key-store-password=blah-blah
--trust-store=/var/gemfire/conf/keystore/tomcat.jks
--trust-store-password=blah-blah
--ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
Connecting to Locator at [host=vm-abcd, port=41111] ..
Connecting to Manager at [host=vm-abcd, port=1099] ..
Successfully connected to: [host=vm-abcd, port=1099]
Cluster-101 gfsh>history
1 …
2 …
3 connect --locator=vm-abcd[41111] --use-ssl=true
--key-store=/var/gemfire/conf/keystore/tomcat.jks
--key-store-password=blah-blah
--trust-store=/var/gemfire/conf/keystore/tomcat.jks --trust-store-password=
blah-blah --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
{noformat}
> Gfsh history exposes passwords
> ------------------------------
>
> Key: GEODE-718
> URL: https://issues.apache.org/jira/browse/GEODE-718
> Project: Geode
> Issue Type: Improvement
> Components: management
> Reporter: Jens Deppe
>
> When using the gfsh connect statement, the entire connect statement is getting
> logged in the gfsh history file, and it shows the password for the key store
> in clear text in the history file.
> Here is an example connect statement that is typically executed by an
> automation Linux script.
> {noformat}
> $ ./gfsh
> _________________________ __
> / _____/ ______/ ______/ /____/ /
> / / __/ /___ /_____ / _____ /
> / /__/ / ____/ _____/ / / / /
> /______/_/ /______/_/ /_/ v1.0.0-incubating-SNAPSHOT
> Monitor and Manage GemFire
> gfsh>connect --locator=vm-abcd[41111] --use-ssl=true
> --key-store=/var/gemfire//conf/keystore/tomcat.jks
> --key-store-password=blah-blah
> --trust-store=/var/gemfire/conf/keystore/tomcat.jks
> --trust-store-password=blah-blah
> --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
> Connecting to Locator at [host=vm-abcd, port=41111] ..
> Connecting to Manager at [host=vm-abcd, port=1099] ..
> Successfully connected to: [host=vm-abcd, port=1099]
> Cluster-101 gfsh>history
> 1 …
> 2 …
> 3 connect --locator=vm-abcd[41111] --use-ssl=true
> --key-store=/var/gemfire/conf/keystore/tomcat.jks
> --key-store-password=blah-blah
> --trust-store=/var/gemfire/conf/keystore/tomcat.jks
> --trust-store-password=blah-blah
> --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2
> {noformat}
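One way to detect and mask the exposure described in this issue, as an added Python example that is not part of the original message or of Geode's code. It assumes that any option whose name ends in `password` carries a secret; `redact`, `find_exposed` and `scrub_file` are names chosen here, and the history file path is supplied by the caller.

```python
import os
import re

# Assumption of this example: any option whose name ends in "password" holds a
# secret, written as --opt=value, --opt="quoted value" or --opt value.
_SECRET_OPT = re.compile(
    r"""(--[\w-]*password)            # option name, e.g. --key-store-password
        (\s*=\s*|\s+)                 # separator
        ("[^"]*"|'[^']*'|(?!--)\S+)   # quoted or bare value, never the next option
    """,
    re.IGNORECASE | re.VERBOSE,
)
MASK = "*****"

# Constructed sample: the connect command from the report as one history entry.
SAMPLE_HISTORY = [
    "list members",
    "connect --locator=vm-abcd[41111] --use-ssl=true"
    " --key-store=/var/gemfire/conf/keystore/tomcat.jks"
    " --key-store-password=blah-blah"
    " --trust-store=/var/gemfire/conf/keystore/tomcat.jks"
    " --trust-store-password=blah-blah"
    " --ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 --protocols=TLSv1.2",
]

def redact(command):
    """Return the command with every secret option value replaced by MASK."""
    return _SECRET_OPT.sub(lambda m: m.group(1) + m.group(2) + MASK, command)

def find_exposed(history_lines):
    """Return (entry_number, option_name) for each cleartext secret found."""
    return [(no, m.group(1))
            for no, line in enumerate(history_lines, 1)
            for m in _SECRET_OPT.finditer(line)
            if m.group(3) != MASK]

def scrub_file(path):
    """Mask secrets in a history file in place; return how many lines changed."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    cleaned = [redact(line) for line in lines]
    with open(path, "w", encoding="utf-8") as fh:
        fh.writelines(line + "\n" for line in cleaned)
    os.chmod(path, 0o600)  # owner-only access to the history file
    return sum(old != new for old, new in zip(lines, cleaned))

if __name__ == "__main__":
    for no, opt in find_exposed(SAMPLE_HISTORY):
        print(f"history entry {no}: cleartext value for {opt}")
    print(redact(SAMPLE_HISTORY[1]))
```

A value that `find_exposed` reports has already been stored on disk in clear text, so masking the file does not remove the need to change that password.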