Re: SuSE loves CouchDB!

2016-09-16 Thread Andy Wenk 
well - this happens due to “old stuff” … :-(

--
Andy Wenk
RockIt!

Hamburg / Germany

GPG public key: https://pgp.mit.edu/pks/lookup?op=get=0x4F1D0C59BC90917D

> On 16 Sep 2016, at 17:02, Alexander Shorin  wrote:
> 
>> Fixed by removing couchdb alltogether
> 
> https://bugzilla.suse.com/show_bug.cgi?id=904288#c7
> 
> --
> ,,,^..^,,,



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: Printing passwords in Couch log files?

2016-09-16 Thread Paul Hammant 
That's great to hear. I'm just pleased I got an excuse to play on 
http://regex101.com for 5 mins :)

Sent from my iPhone

> On Sep 16, 2016, at 11:11 AM, Paul Davis  wrote:
> 
> Huh. That's actually not a terrible idea to try and filter it at the
> log level as well. For background there's a thing you can do that
> allows you to not print the state of some processes which is where
> we've always focused. But maybe keying on something a bit more
> specific before logging it might also be a decent stop gap.
> 
>> On Thu, Sep 15, 2016 at 7:24 PM, Paul Hammant  wrote:
>> So it is user-creation (debug log level) and crashes.  I was thinking an
>> exclusion regex might do it for the former
>> 
>>sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config:
>> \1},"--redacted--"}'\n/'
>> 
>> With a config option:
>> 
>>  [log]
>>  level = debug
>>  log-sed-redaction=s/.ini', Config: (.*)},"\S*"}'\n/.ini', Config:
>> \1},"--redacted--"}'\n/
>> 
>> Just a thought.
>> 
>> - Paul
>> 
>>> On Thu, Sep 15, 2016 at 8:41 AM, Robert Newson  wrote:
>>> 
>>> 100% agree that we shouldn't but it's hard to guarantee it never happens,
>>> hence the warning. Passwords are held in process state so we can
>>> authenticate to remote sources and targets while replicating. Crashes of
>>> those processes write state dumps to the log.
>>> 
>>> We can do better but it will involve some re-engineering of internals.
>>> We'll get it done but , for now, we can only warn you about the problem.
>>> 
>>> Sent from my iPhone
>>> 
 On 15 Sep 2016, at 11:44, Paul Hammant  wrote:
 
 In http://guide.couchdb.org/draft/security.html it is disclosed that
 passwords are written to the log if the debug level is 'debug' level. I'm
 not sure that's good practice.  I do not think Couch should log passwords
 at any log level, and I think others might agree.
 
 At the very least it should be a specific setting in the config:
 
 [log]
 level = debug
 log-passwords = false  // proposed :)
 
 Thoughts?
 
 - Paul
>>>

Re: Printing passwords in Couch log files?

2016-09-16 Thread Paul Davis 
Huh. That's actually not a terrible idea to try and filter it at the
log level as well. For background there's a thing you can do that
allows you to not print the state of some processes which is where
we've always focused. But maybe keying on something a bit more
specific before logging it might also be a decent stop gap.

On Thu, Sep 15, 2016 at 7:24 PM, Paul Hammant  wrote:
> So it is user-creation (debug log level) and crashes.  I was thinking an
> exclusion regex might do it for the former
>
> sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config:
> \1},"--redacted--"}'\n/'
>
> With a config option:
>
>   [log]
>   level = debug
>   log-sed-redaction=s/.ini', Config: (.*)},"\S*"}'\n/.ini', Config:
> \1},"--redacted--"}'\n/
>
> Just a thought.
>
> - Paul
>
> On Thu, Sep 15, 2016 at 8:41 AM, Robert Newson  wrote:
>
>> 100% agree that we shouldn't but it's hard to guarantee it never happens,
>> hence the warning. Passwords are held in process state so we can
>> authenticate to remote sources and targets while replicating. Crashes of
>> those processes write state dumps to the log.
>>
>> We can do better but it will involve some re-engineering of internals.
>> We'll get it done but , for now, we can only warn you about the problem.
>>
>> Sent from my iPhone
>>
>> > On 15 Sep 2016, at 11:44, Paul Hammant  wrote:
>> >
>> > In http://guide.couchdb.org/draft/security.html it is disclosed that
>> > passwords are written to the log if the debug level is 'debug' level. I'm
>> > not sure that's good practice.  I do not think Couch should log passwords
>> > at any log level, and I think others might agree.
>> >
>> > At the very least it should be a specific setting in the config:
>> >
>> >  [log]
>> >  level = debug
>> >  log-passwords = false  // proposed :)
>> >
>> > Thoughts?
>> >
>> > - Paul
>>

SuSE loves CouchDB!

2016-09-16 Thread Alexander Shorin 
> Fixed by removing couchdb alltogether

https://bugzilla.suse.com/show_bug.cgi?id=904288#c7

--
,,,^..^,,,

Re: Shards database name error in logs

2016-09-16 Thread Paul J Davis 
Doh! Forgot about cassim. 

> On Sep 14, 2016, at 12:17 PM, Alexander Shorin  wrote:
> 
> Paul,
> 
> _metadata is our special database which is valid.
> https://github.com/apache/couchdb-cassim/blob/master/src/cassim_metadata_cache.erl#L63-L64
> --
> ,,,^..^,,,
> 
> 
>> On Wed, Sep 14, 2016 at 7:15 PM, Paul Davis  
>> wrote:
>> I'm pretty sure its saying that you're trying to create a database
>> named _metadata which isn't a valid database name for two reasons.
>> First, we require db names to start with a letter for file system
>> compatibility and to avoid surprises (ie, if someone tried to name a
>> database "../foo"). Second, we generally reserve the _ prefix in all
>> API places for CouchDB internal use.
>> 
>> On Tue, Sep 13, 2016 at 11:23 PM, Joey Samonte
>>  wrote:
>>> Good day,
>>> 
>>> 
>>> I am getting a lot of error like this one in the logs (Windows):
>>> 
>>> 
>>> {"error":"illegal_database_name","reason":"Name: 
>>> 'shards%2F-1fff%2F_metadata.1473815830'. Only lowercase 
>>> characters (a-z)
>>> 
>>> 
>>> Why is this so?
>>> 
>>> 
>>> Regards,
>>> 
>>> Joey
>>> 
>>> 
>>> 
>>>