couchdb-dev mailing list archives

From "Benoit Chesneau (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1606) Replicator leaves plaintext password in logs
Date Tue, 25 Feb 2014 04:05:19 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13911214#comment-13911214 ]

Benoit Chesneau commented on COUCHDB-1606:
------------------------------------------

Well, logs are just exposing the fact that we pass the plaintext password to the replication.
Which is the real issue. Instead, the replicator should only keep a token and use it to
dialog with the local and remote nodes. But the plaintext password should never be kept around.

Though the authentication module should probably have the flag set for crash logs.

> Replicator leaves plaintext password in logs
> --------------------------------------------
>
>                 Key: COUCHDB-1606
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1606
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Logging, Replication
>    Affects Versions: 1.2
>            Reporter: Nathan Vander Wilt
>            Assignee: Bob Dionne
>         Attachments: pwd log.txt
>
>
> While reviewing logs, I noticed that a password had been recorded in the logs as part of a replicator error.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
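
A log-side mitigation for the exposure discussed in this thread, as an added example that is not part of the original message and not CouchDB code: it masks credentials in a replication document and in free-text log lines before they are written. It assumes the password appears as URL userinfo (`http://user:password@host/db`) or in an `Authorization` header on the `source`/`target` fields; all function names and sample values are hypothetical.

```python
import logging
import re

MASK = "*****"
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}
# scheme://user:password@ ; the password ends at the last "@" that comes
# before the first "/", quote or whitespace (so a raw "@" in it is covered).
USERINFO_RE = re.compile(r"(https?://[^\s:/@\"']+):[^\s/\"']+@")

def redact_text(text):
    """Mask the password of every credentialed URL found in free text."""
    return USERINFO_RE.sub(lambda m: f"{m.group(1)}:{MASK}@", text)

def redact_endpoint(endpoint):
    """Redact a source/target value: a URL string or a {url, headers} object."""
    if isinstance(endpoint, str):
        return redact_text(endpoint)
    if isinstance(endpoint, dict):
        safe = dict(endpoint)
        if isinstance(safe.get("url"), str):
            safe["url"] = redact_text(safe["url"])
        if isinstance(safe.get("headers"), dict):
            safe["headers"] = {k: MASK if k.lower() in SENSITIVE_HEADERS else v
                               for k, v in safe["headers"].items()}
        return safe
    return endpoint

def redact_replication_doc(doc):
    """Return a copy of a replication document that is safe to log."""
    return {k: redact_endpoint(v) if k in ("source", "target") else v
            for k, v in doc.items()}

class RedactingFilter(logging.Filter):
    """Last line of defence: scrub whatever still reaches a log handler."""
    def filter(self, record):
        record.msg = redact_text(record.getMessage())
        record.args = ()
        return True

# Constructed sample data, not taken from the issue's attachment.
SAMPLE_DOC = {
    "_id": "nightly",
    "source": "http://admin:s3cret@remote.example:5984/db",
    "target": {"url": "http://localhost:5984/db",
               "headers": {"Authorization": "Basic YWRtaW46czNjcmV0"}},
    "continuous": True,
}
SAMPLE_LINE = 'replication failed: {error, "http://admin:s3cret@remote.example:5984/db/"}'

if __name__ == "__main__":
    print(redact_replication_doc(SAMPLE_DOC))
    print(redact_text(SAMPLE_LINE))
```

Redaction at the logging boundary only hides the secret from the log; the replicator still holds the plaintext password, which is the point the comment raises.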
