Details
-
Improvement
-
Status: Resolved
-
Low
-
Resolution: Won't Fix
-
None
-
None
Description
We are sending the jmx password in the clear to the node tool command in production. This is a security risk. Any one doing a 'ps' can see the clear password. Can we change the node tool command to also take a password file argument. This file will list the JMX user and passwords. Example below:
cat /cassandra/run/10003004.jmxpasswd
monitorRole abc
controlRole def
Based on the user name provided, node tool can pick up the right password.
Attachments
Attachments
Issue Links
- is a clone of
-
CASSANDRA-6660 Make node tool command take a password file
- Resolved