[jira] [Comment Edited] (CASSANDRA-12540) Password Management: Hardcoded Password

Thu, 13 Oct 2016 06:00:40 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-12540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15571840#comment-15571840
 ] 

Stefan Podkowinski edited comment on CASSANDRA-12540 at 10/13/16 12:59 PM:
---------------------------------------------------------------------------

This would have prevented CASSANDRA-12773. There's really no reason not to get 
rid of them.

||trunk||
|[branch|https://github.com/spodkowinski/cassandra/tree/CASSANDRA-12540-trunk]|
|[dtest|http://cassci.datastax.com/view/Dev/view/spodkowinski/job/spodkowinski-CASSANDRA-12540-trunk-dtest/]|
|[testall|http://cassci.datastax.com/view/Dev/view/spodkowinski/job/spodkowinski-CASSANDRA-12540-trunk-testall/]|



was (Author: spo...@gmail.com):
This would have prevented CASSANDRA-12773. There's really no reason not to get 
rid of them.

> Password Management: Hardcoded Password
> ---------------------------------------
>
>                 Key: CASSANDRA-12540
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12540
>             Project: Cassandra
>          Issue Type: Sub-task
>            Reporter: Eduardo Aguinaga
>         Attachments: 12540-trunk.patch
>
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 
> of the Cassandra source code. The analysis included an automated analysis 
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools 
> Understand v4. The results of that analysis includes the issue below.
> Issue:
> In the file EncryptionOptions.java there are hard coded passwords on lines 23 
> and 25.
> {code:java}
> EncryptionOptions.java, lines 20-30:
> 20 public abstract class EncryptionOptions
> 21 {
> 22     public String keystore = "conf/.keystore";
> 23     public String keystore_password = "cassandra";
> 24     public String truststore = "conf/.truststore";
> 25     public String truststore_password = "cassandra";
> 26     public String[] cipher_suites = {
> 27         "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
> 28         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 
> "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
> 29         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 
> "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" 
> 30     };
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to