Apache Cassandra: CASSANDRA-17334

Pre hashed passwords in CQL


Details

    Description

      As seen on CASSANDRA-16801 and friends, we are working across the system with plain text passwords. These can be unintentionally revealed by intermediate systems. Allowing the use of hashed passwords should mitigate that. The idea is to add a new option, HASHED PASSWORD, for CREATE/ALTER ROLE/USER. Examples:

      CREATE ROLE foo WITH login = true AND hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
      ALTER ROLE foo WITH hashed password = '$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG';
      

      To generate the password hash, there will be a new tool, hash_password, in resources/cassandra/bin.

      Based on original works from snazy
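
An added example, not code from this ticket or from Cassandra: a check that a tool sitting between clients and the database could run before logging a statement, labelling it as carrying a plain text or a hashed credential, checking the hash shape, and redacting the literal. It assumes hashes are bcrypt strings like the `$2a$10$…` sample above; the function names and `MIN_COST` are choices made for this example.

```python
import re

# bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
# PASSWORD / HASHED PASSWORD followed by a CQL string literal ('' escapes a quote).
CRED_RE = re.compile(r"\b(hashed\s+)?password\s*=?\s*'((?:[^']|'')*)'", re.IGNORECASE)
MIN_COST = 10  # assumption for this example: the cost used in the ticket's sample hash

def parse_bcrypt(value):
    """Return the fields of a well-formed bcrypt string, or None."""
    m = BCRYPT_RE.fullmatch(value)
    if not m or not 4 <= int(m.group(2)) <= 31:
        return None
    return {"variant": m.group(1), "cost": int(m.group(2)),
            "salt": m.group(3), "digest": m.group(4)}

def classify(cql):
    """Label the credential carried by one CQL statement."""
    m = CRED_RE.search(cql)
    if not m:
        return "no-credential"
    if not m.group(1):
        return "plaintext"
    parsed = parse_bcrypt(m.group(2))
    if parsed is None:
        return "hashed-malformed"
    return "hashed-ok" if parsed["cost"] >= MIN_COST else "hashed-weak-cost"

def redact(cql):
    """Replace every credential literal so the statement is safe to log."""
    return CRED_RE.sub(
        lambda m: m.group(0)[: m.start(2) - m.start(0)] + "<redacted>'", cql)

PAGE_HASH = "$2a$10$JSJEMFm6GeaW9XxT5JIheuEtPvat6i7uKbnTcxX3c1wshIIsGyUtG"
SAMPLES = [  # the first statement is from the ticket, the rest are constructed
    f"CREATE ROLE foo WITH login = true AND hashed password = '{PAGE_HASH}';",
    "ALTER ROLE foo WITH password = 'hunter2';",
    "ALTER ROLE foo WITH hashed password = 'hunter2';",
    f"ALTER ROLE foo WITH hashed password = '$2a$04${PAGE_HASH[7:]}';",
    "SELECT * FROM system.local;",
]

if __name__ == "__main__":
    for stmt in SAMPLES:
        print(f"{classify(stmt):18} {redact(stmt)}")
```

The hash is redacted along with plain text values because a logged bcrypt string can still be attacked offline.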

      Attachments

        1. cqlsh.diff
          2 kB
          Berenguer Blasi

            People

              bereng Berenguer Blasi
              Berenguer Blasi
              Andres de la Peña