couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Hammant <p...@hammant.org>
Subject Printing passwords in Couch log files?
Date Thu, 15 Sep 2016 10:44:46 GMT
In http://guide.couchdb.org/draft/security.html it is disclosed that
passwords are written to the log if the debug level is 'debug' level. I'm
not sure that's good practice.  I do not think Couch should log passwords
at any log level, and I think others might agree.

At the very least it should be a specific setting in the config:

  [log]
  level = debug
  log-passwords = false  // proposed :)

Thoughts?

- Paul

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message