Posted to dev@couchdb.apache.org by "Adam Kocoloski (JIRA)" <ji...@apache.org> on 2013/05/29 16:57:20 UTC
[jira] [Updated] (COUCHDB-1626) BASIC auth password appear in log in plaintext during an error
[ https://issues.apache.org/jira/browse/COUCHDB-1626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Kocoloski updated COUCHDB-1626:
------------------------------------
Component/s: Logging
Description:
During testing, I see in the log that the password used in BASIC Auth was hidden by *****.
But when I try a replication that reports an ERRConn, the stack trace of the error contains the password in plain text.
And it is stored in the log file.
I doubt it's a debug feature.
I paste my couch log here; I have hidden private info myself with AAAAA.
Tue, 11 Dec 2012 13:46:14 GMT] [info] [<0.379.0>] Retrying HEAD request to
> https://lucas-AAAAA-1:*****@backup-1.AAAAAA.cc/lucas-AAAAA-1/ in
> 16.0 seconds due to error {conn_failed,{error,eoptions}}
> [Tue, 11 Dec 2012 13:46:28 GMT] [info] [<0.133.0>] 10.0.0.23 - - POST
> /_replicate 500
> [Tue, 11 Dec 2012 13:46:28 GMT] [error] [<0.389.0>] ** Generic server
> <0.389.0> terminating
> ** Last message in was {'EXIT',<0.379.0>,killed}
> ** When Server state == {state,"https://lucas-AAAA-1:--HERE MY PASS IN PLAINTEXT@
> backup-1.AAAAA.cc/lucas-AAAAA-1/",
> 20,[],[],
> {[],[]}}
> ** Reason for termination ==
> ** killed
>
> [Tue, 11 Dec 2012 13:46:28 GMT] [error] [<0.389.0>] {error_report,<0.31.0>,
> {<0.389.0>,crash_report,
> [[{initial_call,
> {couch_httpc_pool,init,['Argument__1']}},
> {pid,<0.389.0>},
> {registered_name,[]},
> {error_info,
> {exit,killed,
> [{gen_server,terminate,6},
> {proc_lib,init_p_do_apply,3}]}},
> {ancestors,
> [<0.379.0>,couch_rep_sup,
> couch_primary_services,couch_server_sup,
> <0.32.0>]},
> {messages,[]},
> {links,[]},
> {dictionary,[]},
> {trap_exit,true},
> {status,running},
> {heap_size,377},
> {stack_size,24},
> {reductions,496}],
> []]}}
>
Contact me on my account email for more information or here.
Best regards
Lucas
> BASIC auth password appear in log in plaintext during an error
> --------------------------------------------------------------
>
> Key: COUCHDB-1626
> URL: https://issues.apache.org/jira/browse/COUCHDB-1626
> Project: CouchDB
> Issue Type: Bug
> Components: Build System, Infrastructure, Logging
> Reporter: Lucas T
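The failure mode reported above (the password masked as ***** in the retry message but printed in full in the server-state dump of the crash report) can be checked for in existing log files. The following is an added example, not code from the report or from CouchDB: the function names, the regular expression and the sample log (host, user and password) are all constructed for illustration.

```python
import re

MASK = "*****"

# scheme://user:password@  (user stops at the first ':'; the password group
# excludes '/', '@', quotes and whitespace so "host:5984/db" is not a match)
URL_CRED = re.compile(
    r'(?P<scheme>https?://)(?P<user>[^:/@\s"]+):(?P<pw>[^@/\s"]+)@'
)

# Constructed sample modelled on the two log entries in the report.
SAMPLE_LOG = '''\
[Tue, 11 Dec 2012 13:46:14 GMT] [info] [<0.379.0>] Retrying HEAD request to https://alice:*****@backup.example.org/db/ in 16.0 seconds due to error {conn_failed,{error,eoptions}}
[Tue, 11 Dec 2012 13:46:28 GMT] [error] [<0.389.0>] ** Generic server <0.389.0> terminating
** Last message in was {'EXIT',<0.379.0>,killed}
** When Server state == {state,"https://alice:s3cr3t-EXAMPLE@backup.example.org/db/",
                         20,[],[],
                         {[],[]}}
** Reason for termination ==
** killed
'''


def find_leaks(log_text):
    """Return (line_number, user) for each URL whose password is not masked."""
    leaks = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for m in URL_CRED.finditer(line):
            if m.group("pw") != MASK:
                leaks.append((lineno, m.group("user")))
    return leaks


def redact(log_text):
    """Mask every URL password, keeping scheme, user and host readable."""
    return URL_CRED.sub(
        lambda m: f'{m.group("scheme")}{m.group("user")}:{MASK}@', log_text
    )


if __name__ == "__main__":
    for lineno, user in find_leaks(SAMPLE_LOG):
        print(f"line {lineno}: unmasked password for user {user!r}")
    print(redact(SAMPLE_LOG))
```

A hit means the credential has already been written to disk, so scanning and redacting is a detection and clean-up step, not a substitute for keeping the password out of the logged process state.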