[jira] [Commented] (KAFKA-4754) Correctly parse '=' characters in command line overrides

2017-02-17 Thread Colin P. McCabe (JIRA)

[ 
https://issues.apache.org/jira/browse/KAFKA-4754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15872228#comment-15872228
 ] 

Colin P. McCabe commented on KAFKA-4754:


Sorry, I guess I was unclear... I definitely think we should fix this (and 
accept this pull request), but I was just commenting that there was another 
separate improvement we might want to make, where we create a warning log 
message about passwords on the command line.

Thanks for giving me some context about the discussion-- I can see you've 
already thought about some of these issues :)

> Correctly parse '=' characters in command line overrides
> 
>
> Key: KAFKA-4754
> URL: https://issues.apache.org/jira/browse/KAFKA-4754
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.9.0.0
> Reporter: Grant Henke
> Assignee: Grant Henke
>
> When starting Kafka with an override parameter via "--override 
> my.parameter=myvalue".
> If a value contains an '=' character it fails and exits with "Invalid command 
> line properties:.."
> Often passwords contain an '=' character so it's important to support that 
> value. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
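
The parsing problem in the issue description above, together with the error-path echo of arguments raised elsewhere in this thread, sketched as an added Scala example (not code from the Kafka pull request): split each override on the first '=' only, and report bad arguments by position rather than by content. `OverrideParser`, `parse`, `redact` and the key-name heuristic are hypothetical, and the sample values are constructed.

```scala
// Added illustration; OverrideParser is hypothetical, not Kafka's CommandLineUtils.
object OverrideParser {

  // Split each "key=value" argument on the FIRST '=' only, so the value may
  // itself contain '=' (as base64-style passwords often do).
  // Left  = error text that is safe to log: positions only, never contents,
  //         because a malformed argument may itself be a secret.
  // Right = parsed properties.
  def parse(args: Seq[String]): Either[String, Map[String, String]] = {
    val parsed: Seq[Either[Int, (String, String)]] = args.zipWithIndex.map {
      case (arg, i) =>
        arg.split("=", 2) match {
          case Array(k, v) if k.trim.nonEmpty => Right(k.trim -> v)
          case _                              => Left(i + 1) // 1-based position
        }
    }
    val bad = parsed.collect { case Left(pos) => pos }
    if (bad.nonEmpty)
      Left("Invalid command line properties at position(s) " +
        bad.mkString(", ") + " (contents withheld)")
    else
      Right(parsed.collect { case Right(kv) => kv }.toMap)
  }

  // Mask values before they reach a log that may be aggregated or shared.
  // The key-name heuristic is an assumption of this example.
  def redact(props: Map[String, String]): Map[String, String] =
    props.map { case (k, v) =>
      val sensitive = Seq("password", "secret").exists(s => k.toLowerCase.contains(s))
      k -> (if (sensitive) "[hidden]" else v)
    }

  def main(argv: Array[String]): Unit = {
    // Constructed sample input; the password value is made up.
    val ok = Seq("broker.id=1", "ssl.keystore.password=c2VjcmV0PT0=")
    parse(ok) match {
      case Right(p) => println(redact(p)) // password value printed as [hidden]
      case Left(e)  => System.err.println(e)
    }
    // Second argument has no '=': the error names its position, not its text.
    println(parse(Seq("broker.id=1", "hunter2")))
  }
}
```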


[jira] [Commented] (KAFKA-4754) Correctly parse '=' characters in command line overrides

2017-02-17 Thread Grant Henke (JIRA)

[ 
https://issues.apache.org/jira/browse/KAFKA-4754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15872139#comment-15872139
 ] 

Grant Henke commented on KAFKA-4754:


{quote}
This could expose the password to anyone who is able to run ps on the system, 
or look at the bash history. So I'm not sure that we should be concerned about 
the println
{quote}

I think it's worth adding. Just because 1 thing is wrong and a security hole 
doesn't mean we shouldn't close or fix others. If security were all or nothing, 
we would be left with nothing. Often application logs are passed around, 
aggregated and collected. Access to a machine to run ps or look at the history 
is a much lower concern than that.


[jira] [Commented] (KAFKA-4754) Correctly parse '=' characters in command line overrides

2017-02-17 Thread Grant Henke (JIRA)

[ 
https://issues.apache.org/jira/browse/KAFKA-4754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15872127#comment-15872127
 ] 

Grant Henke commented on KAFKA-4754:


{quote}
Hmm. It is not a good practice to pass passwords through the command line. 
{quote}

I agree, but my usage is not via command line. It's actually used internal to 
the application and used to improve security. This functionality supports a 
workaround since there was pushback of the feature proposed in KAFKA-2629. I 
generate the password, and pass it via a call to kafka.Kafka.main(args: 
Array[String]).




[jira] [Commented] (KAFKA-4754) Correctly parse '=' characters in command line overrides

2017-02-17 Thread Colin P. McCabe (JIRA)

[ 
https://issues.apache.org/jira/browse/KAFKA-4754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15872116#comment-15872116
 ] 

Colin P. McCabe commented on KAFKA-4754:


bq. It's worth noting, it was also possible to echo out passwords on any error 
in this code path via CommandLineUtils.parseKeyValueArgs: 
System.err.println("Invalid command line properties: " + args.mkString(" "))

Hmm.  It is not a good practice to pass passwords through the command line.  
This could expose the password to anyone who is able to run {{ps}} on the 
system, or look at the bash history.  So I'm not sure that we should be 
concerned about the {{println}}.  In fact, we might want to deprecate the 
{{\--password}} option.


[jira] [Commented] (KAFKA-4754) Correctly parse '=' characters in command line overrides

2017-02-09 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/KAFKA-4754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15860620#comment-15860620
 ] 

ASF GitHub Bot commented on KAFKA-4754:
---

GitHub user granthenke opened a pull request:

https://github.com/apache/kafka/pull/2529

KAFKA-4754: Correctly parse '=' characters in command line overrides



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/granthenke/kafka equals-parsing

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/kafka/pull/2529.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2529


commit a48d8aff6dc04da0afe75b4e8d08513cc064fd68
Author: Grant Henke 
Date:   2017-02-10T02:30:12Z

KAFKA-4754: Correctly parse '=' characters in command line overrides





[jira] [Commented] (KAFKA-4754) Correctly parse '=' characters in command line overrides

2017-02-09 Thread Grant Henke (JIRA)

[ 
https://issues.apache.org/jira/browse/KAFKA-4754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15860597#comment-15860597
 ] 

Grant Henke commented on KAFKA-4754:


It's worth noting, it was also possible to echo out passwords on any error in 
this code path via CommandLineUtils.parseKeyValueArgs: 
{noformat}
System.err.println("Invalid command line properties: " + args.mkString(" "))
{noformat}
