Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/03/21 17:51:04 UTC

[GitHub] wohali opened a new issue #1227: Force payload logging to /_node/*/_config endpoint.

URL: https://github.com/apache/couchdb/issues/1227
 
 
   Logging any configuration changes to a node for posterity is useful for documentation and forensic purposes. I propose to force-log the entire payload to any `/_node/*/_config` endpoint, regardless of logging level.
   
   This could be disableable, but that would defeat the purpose, since a hacker finding a way around in-built security features would simply reconfigure that value first, before proceeding to more sensitive endpoints.
   
   ## Context
   Forensic investigation of hacked CouchDB servers (due to disclosed CVEs) is complicated by the fact that logging of what config changes have been made is terse to the point of uselessness.
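
The proposal above, sketched as an added example (not part of the original issue and not CouchDB's code): a dedicated audit logger records the full payload of every request to `/_node/*/_config` even when the application log level is set to suppress almost everything. The logger name `config_audit`, the `ListHandler` sink and the sample requests are assumptions made for the illustration.

```python
import json
import logging
import re

# CouchDB per-node config API: /_node/{node}/_config[/{section}[/{key}]]
CONFIG_PATH = re.compile(r"^/_node/([^/]+)/_config(?:/([^/]+))?(?:/([^/]+))?/?$")

class ListHandler(logging.Handler):
    """In-memory sink for the demo; stands in for an append-only file or syslog."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def make_audit_logger(handler):
    """Dedicated logger with a fixed level and no propagation, so the
    operator-configurable application log level cannot silence it."""
    audit = logging.getLogger("config_audit")  # hypothetical logger name
    audit.handlers = [handler]
    audit.setLevel(logging.DEBUG)
    audit.propagate = False
    return audit

def audit_config_request(audit, method, path, body, user, peer):
    """Record the full payload of a request to a node's _config endpoint.
    Returns the JSON audit line, or None when the path is not a config path."""
    m = CONFIG_PATH.match(path.split("?", 1)[0])
    if m is None:
        return None
    node, section, key = m.groups()
    line = json.dumps({"method": method, "node": node, "section": section,
                       "key": key, "user": user, "peer": peer,
                       "payload": body.decode("utf-8", "replace")}, sort_keys=True)
    audit.warning(line)
    return line

def demo():
    """Constructed requests; the application log level is set to CRITICAL."""
    logging.getLogger().setLevel(logging.CRITICAL)
    sink = ListHandler()
    audit = make_audit_logger(sink)
    audit_config_request(audit, "PUT", "/_node/couchdb@127.0.0.1/_config/log/level",
                         b'"error"', "admin", "203.0.113.7")
    audit_config_request(audit, "GET", "/mydb/_all_docs", b"", "admin", "203.0.113.7")
    return sink.lines

if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the full payload is recorded, the audit log will contain whatever values are written to the config, credentials included, so it needs the same access control as the configuration itself.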
