couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucas T (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-1626) BASIC auth password appear in log in plaintext during an error
Date Tue, 11 Dec 2012 15:53:24 GMT
Lucas T created COUCHDB-1626:
--------------------------------

             Summary: BASIC auth password appear in log in plaintext during an error
                 Key: COUCHDB-1626
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1626
             Project: CouchDB
          Issue Type: Bug
          Components: Build System, Infrastructure
            Reporter: Lucas T



During testing, I see in the log that the password use in BASIC Auth was hidden by *****.
 
But when i try a replication who tell a ERRConn. The stack trace of error contain the password
in plain-text.
And store in log file.
I doubt it's a debug feature.
I paste my couch log here: I hidden private info my self with AAAAA
Tue, 11 Dec 2012 13:46:14 GMT] [info] [<0.379.0>] Retrying HEAD request to
> https://lucas-AAAAA-1:*****@backup-1.AAAAAA.cc/lucas-AAAAA-1/ in
> 16.0 seconds due to error {conn_failed,{error,eoptions}}
> [Tue, 11 Dec 2012 13:46:28 GMT] [info] [<0.133.0>] 10.0.0.23 - - POST
> /_replicate 500
> [Tue, 11 Dec 2012 13:46:28 GMT] [error] [<0.389.0>] ** Generic server
> <0.389.0> terminating
> ** Last message in was {'EXIT',<0.379.0>,killed}
> ** When Server state == {state,"https://lucas-AAAA-1:--HERE MY PASS IN PLAINTEXT@
> backup-1.AAAAA.cc/lucas-AAAAA-1/",
>                                20,[],[],
>                                {[],[]}}
> ** Reason for termination ==
> ** killed
>
> [Tue, 11 Dec 2012 13:46:28 GMT] [error] [<0.389.0>] {error_report,<0.31.0>,
>                         {<0.389.0>,crash_report,
>                          [[{initial_call,
>                                {couch_httpc_pool,init,['Argument__1']}},
>                            {pid,<0.389.0>},
>                            {registered_name,[]},
>                            {error_info,
>                                {exit,killed,
>                                    [{gen_server,terminate,6},
>                                     {proc_lib,init_p_do_apply,3}]}},
>                            {ancestors,
>                                [<0.379.0>,couch_rep_sup,
>                                 couch_primary_services,couch_server_sup,
>                                 <0.32.0>]},
>                            {messages,[]},
>                            {links,[]},
>                            {dictionary,[]},
>                            {trap_exit,true},
>                            {status,running},
>                            {heap_size,377},
>                            {stack_size,24},
>                            {reductions,496}],
>                           []]}}
>

Contact me on my account email for more information or here.


Best regards
Lucas


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message