You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/03/01 02:30:18 UTC

[jira] [Commented] (COUCHDB-2949) Replications which fail to start dump creds into the logs

    [ https://issues.apache.org/jira/browse/COUCHDB-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15173051#comment-15173051 ] 

ASF GitHub Bot commented on COUCHDB-2949:
-----------------------------------------

GitHub user nickva opened a pull request:

    https://github.com/apache/couchdb-couch-replicator/pull/28

    Do not crash in couch_replicator:terminate/2 if a local dbname is used.

    Even though local source or target database names are not valid
    for replication in CouchDB 2.0, do not crash when trying to
    strip credentials. Replicator process has to terminate properly
    in order to report the error in the replication document for
    user feedback.
    
    JIRA: COUCHDB-2949

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cloudant/couchdb-couch-replicator 2949-fix-crash-on-terminate

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb-couch-replicator/pull/28.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #28
    
----
commit 6e176334192aaa8ae08d1c75e12644156e9711f7
Author: Nick Vatamaniuc <va...@gmail.com>
Date:   2016-02-29T23:45:58Z

    Do not crash in couch_replicator:terminate/2 if a local dbname is used.
    
    Even though local source or target database names are not valid
    for replication in CouchDB 2.0, do not crash when trying to
    strip credentials. Replicator process has to terminate properly
    in order to report the error in the replication document for
    user feedback.
    
    JIRA: COUCHDB-2949

----


> Replications which fail to start dump creds into the logs
> ---------------------------------------------------------
>
>                 Key: COUCHDB-2949
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2949
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Replication
>            Reporter: Mike Wallace
>             Fix For: 2.0.0
>
>
> If a replication fails to start then the `#rep` record is logged [1]. This can contain credentials in either the source or target `#httpdb` records, either in urls or the authorization header.
> This can be reproduced by posting a replication document which specifies a replication from a database that doesn't exist and following the logs, e.g.: https://gist.github.com/mikewallace1979/757a48bce6b84fbf080c
> Note that the creds are exposed both when they are in the source/target url or in the `Authorization` header.
> [1] https://github.com/apache/couchdb-couch-replicator/blob/master/src/couch_replicator.erl#L519-L520



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)