couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noah Slater (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-464) Allow POST to _log for external processes
Date Sun, 30 Oct 2011 19:42:32 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13139726#comment-13139726
] 

Noah Slater commented on COUCHDB-464:
-------------------------------------

Doesn't this allow malicious user agents to craft spoofed log entries for CouchDB? You could
make it look like something very serious was happening, causing the CouchDB admin to take
measures that harm the server or the data it contains. If we're going to do this at all (and
I am not sure I see a valid use case here) then the message should be prefixed with a big
fat notice that it's user generated.
                
> Allow POST to _log for external processes
> -----------------------------------------
>
>                 Key: COUCHDB-464
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-464
>             Project: CouchDB
>          Issue Type: New Feature
>            Reporter: Robert Newson
>             Fix For: 1.3
>
>         Attachments: 0001-Add-POST-support-to-_log.patch, 0001-Add-POST-support-to-_log.patch,
0001-Add-POST-support-to-_log.patch
>
>
> Add POST support to _log so that external processes can also log to couch.log. This would
allow couchdb-lucene (to pick a random example) to log consistently. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message