[CASSANDRA-16801] PasswordObfuscator should not assume PASSWORD is the last item in the WITH clause - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.0.2, 4.1-alpha1, 4.1
Component/s: Tool/auditlogging
Labels:
None

Bug Category:
Correctness
Severity:
Normal
Complexity:
Normal
Discovered By:
Code Inspection
Platform:

All
Impacts:

None
Since Version:

4.0
Source Control Link:

https://github.com/apache/cassandra/commit/85248da628770d9d93fdd2cbd1eedd55b3ddc206
Test and Documentation Plan:

Hide

See PR

Show
See PR

Description

~~CASSANDRA-16669~~ introduced support for obfuscating passwords for audit log statements, but there are a few cases where the obfuscation logic can destroy some of the contents of the original/provided string.

ex. This is perfectly valid...

WITH LOGIN = false AND PASSWORD = 'bar' AND SUPERUSER = false

...but calling obfuscate() on it will produce...

WITH LOGIN = false AND PASSWORD *******

~~We should be able to create a reasonable RegEx and use String#replaceAll() to both simplify and correct PasswordObfuscator#obfuscate().~~

Attachments

Issue Links

is a parent of

CASSANDRA-17334 Pre hashed passwords in CQL

Resolved

is related to

CASSANDRA-16669 Password obfuscation for DCL audit log statements

Resolved

links to

CASSANDRA-16801 PR 4.0

CASSANDRA-16801 PR trunk

Activity

People

Assignee:: Berenguer Blasi

Reporter:: Caleb Rackliffe

Authors:: Berenguer Blasi

Reviewers:: Benjamin Lerer, Ekaterina Dimitrova

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 13/Jul/21 19:34

Updated:: 27/May/22 19:24

Resolved:: 25/Jan/22 06:19