couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dario Freire (Created) (JIRA)" <>
Subject [jira] [Created] (COUCHDB-1314) Couchdb _replicator documents should not show passwords in clear text
Date Thu, 20 Oct 2011 21:52:10 GMT
Couchdb _replicator documents should not show passwords in clear text

                 Key: COUCHDB-1314
             Project: CouchDB
          Issue Type: Improvement
          Components: Replication
    Affects Versions: 1.1
            Reporter: Dario Freire
            Priority: Critical

The documents stored in the _replicator database show passwords in clear text.

Imagine a scenario where a developer provides a couchdb app that runs in a central location
and must synchronize with user's local couchdb instances.
The users would need to pull updates to their database by adding a document to _replicator:

    "_id": "great-app",
    "source":  "",
    "target":  "my-great-app",
    "create_target":  true

Now if the developer doesn't want his central couchdb instance to be public, he needs to protect
it by creating an admin party.
The problem is that he cannot longer share his database for replication because doing so would
reveal the admin credentials to the app users.
i.e. in order for the synchronization to work the users would need to update their _replicator
documents to:

    "_id": "great-app",
    "source":  "",
    "target":  "my-great-app",
    "create_target":  true

All in plain text.
Thus, the users would know how to access the restricted central couchdb instance.

This is just a possible scenario where showing credentials in plain text is a problem, but
by no means is the only scenario where it is a problem.

Since one of the "selling points" of couchdb is its outstanding ability to synchronize databases,
the security concerns caused by this issue make it impossible to use in practice. 
Because of this, it looks like an improvement on this matter is of critical importance.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message