Vsql is not masking password in some cases


Vertica did a great job avoiding showing passwords and secrets in clear text.
I was surprised when vsql v 12.0.4-11 is showing password in clear text, by checking vsql process on client:

myuser@myhost: mydir $ ps -ef|grep vsql
myosaccount  7719  2146  0 13:33 pts/0    00:00:00 /opt/vertica/bin/vsql -h mydbhost -U myuser -w              -g VerticaExportTable.py -A -t -c  connect to vertica mydb user mydbuser password 'passwordincleartext' on ....

Vsql nicely masked password in -w.
It appears, vsql is not scanning SQL passed with -c for passwords and secrets and not masking them.
I think attempt to pass password in vsql var would also not masking passwords and secrets.

Please ask security team, are they consider this a problem that need attention.

(Yes I know there are more than one workaround)

Thank you

Best Answer

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file