couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Filipe Manana (Closed) (JIRA)" <>
Subject [jira] [Closed] (COUCHDB-1314) Couchdb _replicator documents should not show passwords in clear text
Date Fri, 06 Jan 2012 14:33:39 GMT


Filipe Manana closed COUCHDB-1314.

       Resolution: Fixed
    Fix Version/s: 1.2

This issue is fixed by the recently committed security changes.
Consult the following wiki pages:
> Couchdb _replicator documents should not show passwords in clear text
> ---------------------------------------------------------------------
>                 Key: COUCHDB-1314
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Replication
>    Affects Versions: 1.1
>            Reporter: Dario Freire
>            Priority: Critical
>              Labels: replication, replicator, security
>             Fix For: 1.2
> The documents stored in the _replicator database show passwords in clear text.
> Imagine a scenario where a developer provides a couchdb app that runs in a central location
and must synchronize with user's local couchdb instances.
> The users would need to pull updates to their database by adding a document to _replicator:
> {
>     "_id": "great-app",
>     "source":  "",
>     "target":  "my-great-app",
>     "create_target":  true
> }
> Now if the developer doesn't want his central couchdb instance to be public, he needs
to protect it by creating an admin party.
> The problem is that he cannot longer share his database for replication because doing
so would reveal the admin credentials to the app users.
> i.e. in order for the synchronization to work the users would need to update their _replicator
documents to:
> {
>     "_id": "great-app",
>     "source":  "",
>     "target":  "my-great-app",
>     "create_target":  true
> }
> All in plain text.
> Thus, the users would know how to access the restricted central couchdb instance.
> This is just a possible scenario where showing credentials in plain text is a problem,
but by no means is the only scenario where it is a problem.
> Since one of the "selling points" of couchdb is its outstanding ability to synchronize
databases, the security concerns caused by this issue make it impossible to use in practice.

> Because of this, it looks like an improvement on this matter is of critical importance.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message