couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Klaus Trainer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1606) Replicator leaves plaintext password in logs
Date Tue, 25 Feb 2014 10:57:22 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13911459#comment-13911459
] 

Klaus Trainer commented on COUCHDB-1606:
----------------------------------------

Good point, [~benoitc].  This relates to COUCHDB-2069.  I guess before starting with the actual
replication, the replicator should do a POST-request to /_session and get a cookie, if there
are any basic auth credentials.  From that point on it should forget the basic auth credentials
(i.e., username and password), and use the cookie for authentication instead.

> Replicator leaves plaintext password in logs
> --------------------------------------------
>
>                 Key: COUCHDB-1606
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1606
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Logging, Replication
>    Affects Versions: 1.2
>            Reporter: Nathan Vander Wilt
>            Assignee: Bob Dionne
>         Attachments: pwd log.txt
>
>
> While reviewing logs, I noticed that a password had been recorded in the logs as part
of a replicator error.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message