Copy link to issue

summary

Ignore credentials in secure connect bundle [DataStax Astra]

Description

Currently, the Java driver falls back to the config json credentials if they are present, even if the user provided their own credentials.

The Astra secure connect bundle no longer has the credentials in config.json due to it being considered a security vulnerability so we should completely ignore those fields in the config.json.

Environment

None

Pull Requests

None

Activity

Show:

Erik Merkle

July 22, 2020, 4:07 PM

Copy link to comment

At the risk of potentially creating more problems, do we want to consider a log if the driver detects username/password in the bundle?

Fixed

Assignee

Tomasz Lelek

Reporter

Alexandre Dutra

Labels

None

PM Priority

None

Affects versions

None

Fix versions

4.8.0

Pull Request

https://github.com/datastax/java-driver/pull/1481

Doc Impact

None

Size

None

External issue ID

None

External issue ID

None

Reviewer

Alexandre Dutra

Priority

Major

Configure

Drivers Scrum Board

Ignore credentials in secure connect bundle [DataStax Astra]

Description

Environment

Pull Requests

Activity

Assignee

Reporter

Labels

PM Priority

Affects versions

Fix versions

Pull Request

Doc Impact

Size

External issue ID

External issue ID

Reviewer

Priority