100% agree that we shouldn't but it's hard to guarantee it never happens, hence 
the warning. Passwords are held in process state so we can authenticate to 
remote sources and targets while replicating. Crashes of those processes write 
state dumps to the log. 

We can do better but it will involve some re-engineering of internals. We'll 
get it done but, for now, we can only warn you about the problem. 

Sent from my iPhone

> On 15 Sep 2016, at 11:44, Paul Hammant <p...@hammant.org> wrote:
> 
> In http://guide.couchdb.org/draft/security.html it is disclosed that
> passwords are written to the log if the debug level is 'debug' level. I'm
> not sure that's good practice.  I do not think Couch should log passwords
> at any log level, and I think others might agree.
> 
> At the very least it should be a specific setting in the config:
> 
>  [log]
>  level = debug
>  log-passwords = false  // proposed :)
> 
> Thoughts?
> 
> - Paul
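
A log audit for the exposure discussed in this thread, as an added example that is not part of the original messages or CouchDB's own code. It assumes leaked replication credentials show up either as `user:password@` inside a URL or as an HTTP Basic header value; the function names and the sample log lines are constructed for illustration and are not real CouchDB output.

```python
import base64
import re

# Credentials embedded in a URL, e.g. http://user:secret@host:5984/db
URL_CRED = re.compile(r'(?P<scheme>https?://)(?P<user>[^\s:/@"]+):(?P<pw>[^\s@/"]+)@')
# Candidate HTTP Basic credential as it might appear in a dumped header list
BASIC = re.compile(r'(?i)\bBasic\s+(?P<b64>[A-Za-z0-9+/]{4,}={0,2})')

def scrub_line(line):
    """Return (scrubbed_line, number_of_credentials_redacted)."""
    hits = 0

    def basic_repl(match):
        nonlocal hits
        try:
            decoded = base64.b64decode(match.group("b64"), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return match.group(0)      # not base64 text, e.g. "Basic authentication"
        if ":" not in decoded:
            return match.group(0)      # decodes, but is not a user:password pair
        hits += 1
        return "Basic [REDACTED]"

    line, url_hits = URL_CRED.subn(r"\g<scheme>\g<user>:[REDACTED]@", line)
    line = BASIC.sub(basic_repl, line)
    return line, hits + url_hits

def audit(lines):
    """Scrub every line; return (clean_lines, [(line_number, hits), ...])."""
    clean, findings = [], []
    for number, line in enumerate(lines, 1):
        scrubbed, hits = scrub_line(line)
        clean.append(scrubbed)
        if hits:
            findings.append((number, hits))
    return clean, findings

# Constructed sample lines (assumed shapes, not captured from a real server)
SAMPLE = [
    '[debug] replication source=http://repl:s3cret@db1.example:5984/orders target=orders',
    '[error] process crashed, state: {headers,[{"Authorization","Basic YWRtaW46aHVudGVyMg=="}]}',
    '[info] Basic authentication enabled for http://db2.example:5984/',
]

if __name__ == "__main__":
    clean, findings = audit(SAMPLE)
    print("\n".join(clean))
    print("lines with credentials:", findings)
```

Any line the audit flags means the credential on it should be treated as exposed and rotated; scrubbing the file only stops further spread.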
