On Oct 30, 2011, at 19:49 , Noah Slater wrote: > Doesn't this allow malicious user agents to craft spoofed log entries for > CouchDB? You could make it look like something very serious was happening, > causing the CouchDB admin to take measures that harm the server or the data > it contains. If we're going to do this at all (and I am not sure I see a > valid use case here) then the message should be prefixed with a big fat > notice that it's user generated.
Good thinking, do you want to move the discussion to https://issues.apache.org/jira/browse/COUCHDB-464 so we don't have two place to look later? I'll reply with my idea about it :) Cheers Jan -- > > On Sun, Oct 30, 2011 at 4:39 PM, <[email protected]> wrote: > >> Updated Branches: >> refs/heads/master f94530da9 -> 6cffccdfe >> >> >> Allow POST to _log. >> >> POST /_log {"level":"info|debug|error", "message":"your message here"} >> >> Patch by Robert Newson. >> >> Closes COUCHDB-464 >> >> >> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo >> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6cffccdf >> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6cffccdf >> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6cffccdf >> >> Branch: refs/heads/master >> Commit: 6cffccdfe08e6d859cc7e83be3bcc521bf68fd5a >> Parents: f94530d >> Author: Jan Lehnardt <[email protected]> >> Authored: Sun Oct 30 17:38:18 2011 +0100 >> Committer: Jan Lehnardt <[email protected]> >> Committed: Sun Oct 30 17:38:18 2011 +0100 >> >> ---------------------------------------------------------------------- >> src/couchdb/couch_httpd_misc_handlers.erl | 21 ++++++++++++++++++--- >> 1 files changed, 18 insertions(+), 3 deletions(-) >> ---------------------------------------------------------------------- >> >> >> >> http://git-wip-us.apache.org/repos/asf/couchdb/blob/6cffccdf/src/couchdb/couch_httpd_misc_handlers.erl >> ---------------------------------------------------------------------- >> diff --git a/src/couchdb/couch_httpd_misc_handlers.erl >> b/src/couchdb/couch_httpd_misc_handlers.erl >> index 8abf0aa..ae6ffe3 100644 >> --- a/src/couchdb/couch_httpd_misc_handlers.erl >> +++ b/src/couchdb/couch_httpd_misc_handlers.erl 
>> @@ -254,7 +254,22 @@ handle_log_req(#httpd{method='GET'}=Req) ->
>> ]),
>> send_chunk(Resp, Chunk),
>> last_chunk(Resp);
>> +handle_log_req(#httpd{method='POST'}=Req) ->
>> + {PostBody} = couch_httpd:json_body_obj(Req),
>> + Level = couch_util:get_value(<<"level">>, PostBody),
>> + Message = ?b2l(couch_util:get_value(<<"message">>, PostBody)),
>> + case Level of
>> + <<"debug">> ->
>> + ?LOG_DEBUG(Message, []),
>> + send_json(Req, 200, {[{ok, true}]});
>> + <<"info">> ->
>> + ?LOG_INFO(Message, []),
>> + send_json(Req, 200, {[{ok, true}]});
>> + <<"error">> ->
>> + ?LOG_ERROR(Message, []),
>> + send_json(Req, 200, {[{ok, true}]});
>> + _ ->
>> + send_json(Req, 400, {[{error, ?l2b(io_lib:format("Unrecognized >> log level '~s'", [Level]))}]})
>> + end;
>> handle_log_req(Req) ->
>> - send_method_not_allowed(Req, "GET").
>> -
>> -
>> + send_method_not_allowed(Req, "GET,POST").
>>
>>
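Review bot: In the new POST clause the client-supplied `Message` is used as the format string in `?LOG_DEBUG(Message, [])`, `?LOG_INFO(Message, [])` and `?LOG_ERROR(Message, [])`, so, assuming these macros format their first argument `io_lib:format`-style, a message containing a `~` control sequence is evaluated against an empty argument list and will fail instead of being recorded. Pass the text as data in all three branches, e.g. `?LOG_INFO("~s", [Message])`. `?b2l(couch_util:get_value(<<"message">>, PostBody))` also crashes when `message` is absent or not a string, because nothing checks the value before the conversion; answering with a 400, as the unknown-level branch does, would be more consistent. No authorization check is visible in this clause either; if the GET clause (whose body starts outside the hunk) restricts `_log` to server admins, the POST clause should apply the same check before it logs anything.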
