[ https://issues.apache.org/jira/browse/COUCHDB-1606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13911214#comment-13911214 ]

Benoit Chesneau commented on COUCHDB-1606:
------------------------------------------

Well, logs are just exposing the fact that we pass the plaintext password to the 
replication, which is the real issue. Instead, the replicator should only 
keep a token and use it to dialog with the local and remote node. But the plaintext 
password should never be kept around.

Though the authentication module should probably have the flag set for crash 
logs.

> Replicator leaves plaintext password in logs
> --------------------------------------------
>
>                 Key: COUCHDB-1606
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1606
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Logging, Replication
>    Affects Versions: 1.2
>            Reporter: Nathan Vander Wilt
>            Assignee: Bob Dionne
>         Attachments: pwd log.txt
>
>
> While reviewing logs, I noticed that a password had been recorded in the logs 
> as part of a replicator error.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
