Re: SuSE loves CouchDB!
well - this happens due to “old stuff” … :-( -- Andy Wenk RockIt! Hamburg / Germany GPG public key: https://pgp.mit.edu/pks/lookup?op=get=0x4F1D0C59BC90917D > On 16 Sep 2016, at 17:02, Alexander Shorinwrote: > >> Fixed by removing couchdb alltogether > > https://bugzilla.suse.com/show_bug.cgi?id=904288#c7 > > -- > ,,,^..^,,, signature.asc Description: Message signed with OpenPGP using GPGMail
Re: Printing passwords in Couch log files?
That's great to hear. I'm just pleased I got an excuse to play on http://regex101.com for 5 mins :) Sent from my iPhone > On Sep 16, 2016, at 11:11 AM, Paul Daviswrote: > > Huh. That's actually not a terrible idea to try and filter it at the > log level as well. For background there's a thing you can do that > allows you to not print the state of some processes which is where > we've always focused. But maybe keying on something a bit more > specific before logging it might also be a decent stop gap. > >> On Thu, Sep 15, 2016 at 7:24 PM, Paul Hammant wrote: >> So it is user-creation (debug log level) and crashes. I was thinking an >> exclusion regex might do it for the former >> >>sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: >> \1},"--redacted--"}'\n/' >> >> With a config option: >> >> [log] >> level = debug >> log-sed-redaction=s/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: >> \1},"--redacted--"}'\n/ >> >> Just a thought. >> >> - Paul >> >>> On Thu, Sep 15, 2016 at 8:41 AM, Robert Newson wrote: >>> >>> 100% agree that we shouldn't but it's hard to guarantee it never happens, >>> hence the warning. Passwords are held in process state so we can >>> authenticate to remote sources and targets while replicating. Crashes of >>> those processes write state dumps to the log. >>> >>> We can do better but it will involve some re-engineering of internals. >>> We'll get it done but , for now, we can only warn you about the problem. >>> >>> Sent from my iPhone >>> On 15 Sep 2016, at 11:44, Paul Hammant wrote: In http://guide.couchdb.org/draft/security.html it is disclosed that passwords are written to the log if the debug level is 'debug' level. I'm not sure that's good practice. I do not think Couch should log passwords at any log level, and I think others might agree. At the very least it should be a specific setting in the config: [log] level = debug log-passwords = false // proposed :) Thoughts? - Paul >>>
Re: Printing passwords in Couch log files?
Huh. That's actually not a terrible idea to try and filter it at the log level as well. For background there's a thing you can do that allows you to not print the state of some processes which is where we've always focused. But maybe keying on something a bit more specific before logging it might also be a decent stop gap. On Thu, Sep 15, 2016 at 7:24 PM, Paul Hammantwrote: > So it is user-creation (debug log level) and crashes. I was thinking an > exclusion regex might do it for the former > > sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: > \1},"--redacted--"}'\n/' > > With a config option: > > [log] > level = debug > log-sed-redaction=s/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: > \1},"--redacted--"}'\n/ > > Just a thought. > > - Paul > > On Thu, Sep 15, 2016 at 8:41 AM, Robert Newson wrote: > >> 100% agree that we shouldn't but it's hard to guarantee it never happens, >> hence the warning. Passwords are held in process state so we can >> authenticate to remote sources and targets while replicating. Crashes of >> those processes write state dumps to the log. >> >> We can do better but it will involve some re-engineering of internals. >> We'll get it done but , for now, we can only warn you about the problem. >> >> Sent from my iPhone >> >> > On 15 Sep 2016, at 11:44, Paul Hammant wrote: >> > >> > In http://guide.couchdb.org/draft/security.html it is disclosed that >> > passwords are written to the log if the debug level is 'debug' level. I'm >> > not sure that's good practice. I do not think Couch should log passwords >> > at any log level, and I think others might agree. >> > >> > At the very least it should be a specific setting in the config: >> > >> > [log] >> > level = debug >> > log-passwords = false // proposed :) >> > >> > Thoughts? >> > >> > - Paul >>
SuSE loves CouchDB!
> Fixed by removing couchdb alltogether https://bugzilla.suse.com/show_bug.cgi?id=904288#c7 -- ,,,^..^,,,
Re: Shards database name error in logs
Doh! Forgot about cassim. > On Sep 14, 2016, at 12:17 PM, Alexander Shorinwrote: > > Paul, > > _metadata is our special database which is valid. > https://github.com/apache/couchdb-cassim/blob/master/src/cassim_metadata_cache.erl#L63-L64 > -- > ,,,^..^,,, > > >> On Wed, Sep 14, 2016 at 7:15 PM, Paul Davis >> wrote: >> I'm pretty sure its saying that you're trying to create a database >> named _metadata which isn't a valid database name for two reasons. >> First, we require db names to start with a letter for file system >> compatibility and to avoid surprises (ie, if someone tried to name a >> database "../foo"). Second, we generally reserve the _ prefix in all >> API places for CouchDB internal use. >> >> On Tue, Sep 13, 2016 at 11:23 PM, Joey Samonte >> wrote: >>> Good day, >>> >>> >>> I am getting a lot of error like this one in the logs (Windows): >>> >>> >>> {"error":"illegal_database_name","reason":"Name: >>> 'shards%2F-1fff%2F_metadata.1473815830'. Only lowercase >>> characters (a-z) >>> >>> >>> Why is this so? >>> >>> >>> Regards, >>> >>> Joey >>> >>> >>> >>>