couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Slater <nsla...@tumbolia.org>
Subject Re: git commit: Allow POST to _log.
Date Sun, 30 Oct 2011 19:41:35 GMT
Done.

On Sun, Oct 30, 2011 at 7:14 PM, Jan Lehnardt <jan@apache.org> wrote:

>
> On Oct 30, 2011, at 19:49 , Noah Slater wrote:
>
> > Doesn't this allow malicious user agents to craft spoofed log entries for
> > CouchDB? You could make it look like something very serious was
> happening,
> > causing the CouchDB admin to take measures that harm the server or the
> data
> > it contains. If we're going to do this at all (and I am not sure I see a
> > valid use case here) then the message should be prefixed with a big fat
> > notice that it's user generated.
>
> Good thinking, do you want to move the discussion to
> https://issues.apache.org/jira/browse/COUCHDB-464 so we don't have two
> place to look later?
>
> I'll reply with my idea about it :)
>
> Cheers
> Jan
> --
>
> >
> > On Sun, Oct 30, 2011 at 4:39 PM, <jan@apache.org> wrote:
> >
> >> Updated Branches:
> >> refs/heads/master f94530da9 -> 6cffccdfe
> >>
> >>
> >> Allow POST to _log.
> >>
> >> POST /_log {"level":"info|debug|error", "message":"your message here"}
> >>
> >> Patch by Robert Newson.
> >>
> >> Closes COUCHDB-464
> >>
> >>
> >> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
> >> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6cffccdf
> >> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6cffccdf
> >> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6cffccdf
> >>
> >> Branch: refs/heads/master
> >> Commit: 6cffccdfe08e6d859cc7e83be3bcc521bf68fd5a
> >> Parents: f94530d
> >> Author: Jan Lehnardt <jan@apache.org>
> >> Authored: Sun Oct 30 17:38:18 2011 +0100
> >> Committer: Jan Lehnardt <jan@apache.org>
> >> Committed: Sun Oct 30 17:38:18 2011 +0100
> >>
> >> ----------------------------------------------------------------------
> >> src/couchdb/couch_httpd_misc_handlers.erl |   21 ++++++++++++++++++---
> >> 1 files changed, 18 insertions(+), 3 deletions(-)
> >> ----------------------------------------------------------------------
> >>
> >>
> >>
> >>
> http://git-wip-us.apache.org/repos/asf/couchdb/blob/6cffccdf/src/couchdb/couch_httpd_misc_handlers.erl
> >> ----------------------------------------------------------------------
> >> diff --git a/src/couchdb/couch_httpd_misc_handlers.erl
> >> b/src/couchdb/couch_httpd_misc_handlers.erl
> >> index 8abf0aa..ae6ffe3 100644
> >> --- a/src/couchdb/couch_httpd_misc_handlers.erl
> >> +++ b/src/couchdb/couch_httpd_misc_handlers.erl
> >> @@ -254,7 +254,22 @@ handle_log_req(#httpd{method='GET'}=Req) ->
> >>    ]),
> >>    send_chunk(Resp, Chunk),
> >>    last_chunk(Resp);
> >> +handle_log_req(#httpd{method='POST'}=Req) ->
> >> +    {PostBody} = couch_httpd:json_body_obj(Req),
> >> +    Level = couch_util:get_value(<<"level">>, PostBody),
> >> +    Message = ?b2l(couch_util:get_value(<<"message">>, PostBody)),
> >> +    case Level of
> >> +    <<"debug">> ->
> >> +        ?LOG_DEBUG(Message, []),
> >> +        send_json(Req, 200, {[{ok, true}]});
> >> +    <<"info">> ->
> >> +        ?LOG_INFO(Message, []),
> >> +        send_json(Req, 200, {[{ok, true}]});
> >> +    <<"error">> ->
> >> +        ?LOG_ERROR(Message, []),
> >> +        send_json(Req, 200, {[{ok, true}]});
> >> +    _ ->
> >> +        send_json(Req, 400, {[{error, ?l2b(io_lib:format("Unrecognized
> >> log level '~s'", [Level]))}]})
> >> +    end;
> >> handle_log_req(Req) ->
> >> -    send_method_not_allowed(Req, "GET").
> >> -
> >> -
> >> +    send_method_not_allowed(Req, "GET,POST").
> >>
> >>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message