In working on
KNOX-2132, I couldn't actually get the call history to work and was therefore unable to make sure that the username and password params don't end up in the persisted history or at least not rendered in the listing.
Either call history no longer works or I just don't know how to enable it. Tests don't seem to cover the actual AOP based capture but record hardcoded calls rather than actual table interactions. I also notice that the aspectjrt.jar isn't being placed in the lib dir for knoxshell which seems broken.
So, first thing to do is ensure that call history is actually working and fix it if not. Then determine what to do about the username and password and persistence of call histories as the means for reconstituting a dataset. Do we build in a required login which would mean that the dataset rehydration would require a user interaction for login? Do we encrypt the credentials - if so, using what as a key and how to manage it? Do we just rely on file permissions?