  1. Apache Cassandra
  2. CASSANDRA-16983

Separating CQLSH credentials from the cqlshrc file

Details

    • Improvement
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • 4.1-alpha1, 4.1
    • Tool/cqlsh

    Description

      Currently, the CQLSH tool accepts credentials (username & password) from the following 3 places:
      1. the command line parameter "-p"
      2. the cqlshrc file
      3. prompt the user

      This is not ideal.
      Credentials in the command line are a security risk, because they could be seen by other users on a shared system.
      The cqlshrc file is better, but still not good enough. Because the cqlshrc file is a config file, it's often acceptable to have it as a world readable file, and share it with other users. It also prevents users from having multiple sets of credentials, either for the same Cassandra cluster or different clusters.

      To improve the security of CQLSH and make it secure by design, I propose the following changes:

      • Warn the user if a password is given in the command line, and recommend that they use a credential file instead
      • Warn the user if credentials are present in the cqlshrc file and the cqlshrc file is not secure (e.g.: world readable or owned by a different user)
      • Deprecate credentials in the cqlshrc, and recommend the user to move them to a separate credential file. The aim is to not break anything at the moment, but eventually stop accepting credentials from the cqlshrc file.
      • Reject the credentials file if it's not secure, and tell the user how to secure it. Optionally, prompt the user for a password if it's an interactive session. (Think of how OpenSSH handles insecure credential files)
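
      The "reject the file if it's not secure" check proposed above, sketched as an added example for POSIX systems (not the cqlsh implementation and not code from this issue). The function names, the file name and the file content are hypothetical; the file's format is not specified here, so the raw text is returned.

```python
import os
import stat
import sys
import tempfile


def insecure_reasons(st):
    """Return why a file with stat result `st` is unsafe for credentials ([] if safe)."""
    reasons = []
    if not stat.S_ISREG(st.st_mode):
        reasons.append("not a regular file")
    if st.st_uid != os.geteuid():
        reasons.append("owned by uid %d, not the current user" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        reasons.append("mode %04o is accessible by group or others"
                       % stat.S_IMODE(st.st_mode))
    return reasons


def load_credentials(path):
    """Read `path` only if it passes the checks; raise PermissionError otherwise."""
    # Open once and fstat the descriptor, so the file that is checked is the
    # file that is read (no window to swap it between check and use).
    # O_NONBLOCK keeps the open from hanging if the path is a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    with os.fdopen(fd, "r") as f:
        reasons = insecure_reasons(os.fstat(f.fileno()))
        if reasons:
            # Tell the user how to secure the file, as the proposal asks.
            raise PermissionError(
                "refusing to use %s: %s. To fix: chmod 600 %s"
                % (path, "; ".join(reasons), path))
        return f.read()


if __name__ == "__main__":
    # Constructed sample file; the content is a placeholder, not a real format.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "credentials")
        with open(path, "w") as f:
            f.write("constructed-secret\n")
        for mode in (0o600, 0o644):
            os.chmod(path, mode)
            try:
                load_credentials(path)
                print("%04o: accepted" % mode)
            except PermissionError as e:
                print("%04o: %s" % (mode, e), file=sys.stderr)
```

      An interactive caller could catch the `PermissionError` and fall back to prompting for the password, as the last bullet suggests.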

          People

            Bowen Song
            Bowen Song
            Bowen Song
            Brandon Williams, Brian Houser, Stefan Miklosovic

              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0h
                Time Spent: 2h 10m