couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Klaus Trainer (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-1606) Replicator leaves plaintext password in logs
Date Tue, 25 Feb 2014 10:57:22 GMT


Klaus Trainer commented on COUCHDB-1606:

Good point, [~benoitc].  This relates to COUCHDB-2069.  I guess before starting with the actual
replication, the replicator should do a POST-request to /_session and get a cookie, if there
are any basic auth credentials.  From that point on it should forget the basic auth credentials
(i.e., username and password), and use the cookie for authentication instead.

> Replicator leaves plaintext password in logs
> --------------------------------------------
>                 Key: COUCHDB-1606
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Logging, Replication
>    Affects Versions: 1.2
>            Reporter: Nathan Vander Wilt
>            Assignee: Bob Dionne
>         Attachments: pwd log.txt
> While reviewing logs, I noticed that a password had been recorded in the logs as part
of a replicator error.

This message was sent by Atlassian JIRA

View raw message