Re: Printing passwords in Couch log files?
That's great to hear. I'm just pleased I got an excuse to play on http://regex101.com for 5 mins :)

Sent from my iPhone

> On Sep 16, 2016, at 11:11 AM, Paul Davis wrote:
>
> Huh. That's actually not a terrible idea to try and filter it at the
> log level as well. For background there's a thing you can do that
> allows you to not print the state of some processes which is where
> we've always focused. But maybe keying on something a bit more
> specific before logging it might also be a decent stop gap.
>
>> On Thu, Sep 15, 2016 at 7:24 PM, Paul Hammant wrote:
>> So it is user-creation (debug log level) and crashes. I was thinking an
>> exclusion regex might do it for the former
>>
>> sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: \1},"--redacted--"}'\n/'
>>
>> With a config option:
>>
>> [log]
>> level = debug
>> log-sed-redaction=s/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: \1},"--redacted--"}'\n/
>>
>> Just a thought.
>>
>> - Paul
>>
>>> On Thu, Sep 15, 2016 at 8:41 AM, Robert Newson wrote:
>>>
>>> 100% agree that we shouldn't but it's hard to guarantee it never happens,
>>> hence the warning. Passwords are held in process state so we can
>>> authenticate to remote sources and targets while replicating. Crashes of
>>> those processes write state dumps to the log.
>>>
>>> We can do better but it will involve some re-engineering of internals.
>>> We'll get it done but, for now, we can only warn you about the problem.
>>>
>>> Sent from my iPhone
>>>
>>>> On 15 Sep 2016, at 11:44, Paul Hammant wrote:
>>>>
>>>> In http://guide.couchdb.org/draft/security.html it is disclosed that
>>>> passwords are written to the log if the debug level is 'debug' level. I'm
>>>> not sure that's good practice. I do not think Couch should log passwords
>>>> at any log level, and I think others might agree.
>>>>
>>>> At the very least it should be a specific setting in the config:
>>>>
>>>> [log]
>>>> level = debug
>>>> log-passwords = false // proposed :)
>>>>
>>>> Thoughts?
>>>>
>>>> - Paul
Re: Printing passwords in Couch log files?
Huh. That's actually not a terrible idea to try and filter it at the log level as well. For background there's a thing you can do that allows you to not print the state of some processes which is where we've always focused. But maybe keying on something a bit more specific before logging it might also be a decent stop gap.

On Thu, Sep 15, 2016 at 7:24 PM, Paul Hammant wrote:

> So it is user-creation (debug log level) and crashes. I was thinking an
> exclusion regex might do it for the former
>
> sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: \1},"--redacted--"}'\n/'
>
> With a config option:
>
> [log]
> level = debug
> log-sed-redaction=s/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: \1},"--redacted--"}'\n/
>
> Just a thought.
>
> - Paul
>
> On Thu, Sep 15, 2016 at 8:41 AM, Robert Newson wrote:
>
>> 100% agree that we shouldn't but it's hard to guarantee it never happens,
>> hence the warning. Passwords are held in process state so we can
>> authenticate to remote sources and targets while replicating. Crashes of
>> those processes write state dumps to the log.
>>
>> We can do better but it will involve some re-engineering of internals.
>> We'll get it done but, for now, we can only warn you about the problem.
>>
>> Sent from my iPhone
>>
>>> On 15 Sep 2016, at 11:44, Paul Hammant wrote:
>>>
>>> In http://guide.couchdb.org/draft/security.html it is disclosed that
>>> passwords are written to the log if the debug level is 'debug' level. I'm
>>> not sure that's good practice. I do not think Couch should log passwords
>>> at any log level, and I think others might agree.
>>>
>>> At the very least it should be a specific setting in the config:
>>>
>>> [log]
>>> level = debug
>>> log-passwords = false // proposed :)
>>>
>>> Thoughts?
>>>
>>> - Paul
Re: Printing passwords in Couch log files?
So it is user-creation (debug log level) and crashes. I was thinking an exclusion regex might do it for the former

sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: \1},"--redacted--"}'\n/'

With a config option:

[log]
level = debug
log-sed-redaction=s/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: \1},"--redacted--"}'\n/

Just a thought.

- Paul

On Thu, Sep 15, 2016 at 8:41 AM, Robert Newson wrote:

> 100% agree that we shouldn't but it's hard to guarantee it never happens,
> hence the warning. Passwords are held in process state so we can
> authenticate to remote sources and targets while replicating. Crashes of
> those processes write state dumps to the log.
>
> We can do better but it will involve some re-engineering of internals.
> We'll get it done but, for now, we can only warn you about the problem.
>
> Sent from my iPhone
>
>> On 15 Sep 2016, at 11:44, Paul Hammant wrote:
>>
>> In http://guide.couchdb.org/draft/security.html it is disclosed that
>> passwords are written to the log if the debug level is 'debug' level. I'm
>> not sure that's good practice. I do not think Couch should log passwords
>> at any log level, and I think others might agree.
>>
>> At the very least it should be a specific setting in the config:
>>
>> [log]
>> level = debug
>> log-passwords = false // proposed :)
>>
>> Thoughts?
>>
>> - Paul
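A log-scrubbing filter in the spirit of the sed expression in the message above and of the suggestion earlier in the thread to key on something specific before a line is logged. This is an added example, not Paul Hammant's sed, and not CouchDB's own code: the regexes, the `RedactingFilter` class, the helper names and the sample log lines are all constructed for this illustration, and the patterns only model the shapes the thread mentions (the user-creation Config dump, credentials in replication source/target URLs, and a `"password"` field in a dumped state).

```python
"""Redact secrets in log lines before a handler writes them (example code)."""
import io
import logging
import re

REDACTED = "--redacted--"

# Assumed patterns, modelled on the thread; not CouchDB's real log formats.
# 1. The user-creation debug line the sed expression targets: the password is
#    the last quoted string after the Config map, e.g. ... Config: {...},"s3cret"}'
CONFIG_DUMP_RE = re.compile(r"""(\.ini', Config: .*\},")[^"]*("\}')""")
# 2. Basic-auth credentials embedded in a replication source/target URL.
URL_CRED_RE = re.compile(r"(https?://[^:/@\s]+:)[^@\s]+(@)")
# 3. A "password"-like key in any JSON-ish state dump.
JSON_SECRET_RE = re.compile(
    r'("(?:password|passwd|secret)"\s*:\s*")[^"]*(")', re.IGNORECASE
)
PATTERNS = (CONFIG_DUMP_RE, URL_CRED_RE, JSON_SECRET_RE)


def redact(line: str) -> str:
    """Replace every recognised secret in one log line with REDACTED."""
    for pattern in PATTERNS:
        line = pattern.sub(r"\g<1>" + REDACTED + r"\g<2>", line)
    return line


def contains_secret(line: str) -> bool:
    """Detection check for auditing logs already on disk: True if any pattern hits."""
    return any(p.search(line) for p in PATTERNS)


class RedactingFilter(logging.Filter):
    """Scrub the rendered message before any handler emits the record."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already rendered; drop args so %-formatting is not re-applied
        return True


def log_through_filter(messages):
    """Emit each message through a logger whose handler carries RedactingFilter
    and return the lines the handler actually wrote."""
    buf = io.StringIO()
    logger = logging.getLogger("couch.redaction.example")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.handlers.clear()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(message)s"))
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    for message in messages:
        logger.debug("%s", message)
    handler.flush()
    return buf.getvalue().splitlines()


# Constructed sample lines; the process ids, paths and secrets are made up.
SAMPLE_LOG_LINES = [
    "[debug] [<0.123.0>] Creating user 'alice' from '/etc/couchdb/local.ini', "
    "Config: {[{\"roles\",[]}]},\"hunter2\"}'",
    "[error] [<0.456.0>] replicator crashed: "
    "{state,\"https://admin:hunter2@db.example.com:5984/target\"}",
    "[debug] [<0.321.0>] replication doc: "
    "{\"source\":\"local\",\"target\":\"remote\",\"password\":\"hunter2\"}",
    "[info] [<0.789.0>] GET /_all_dbs 200",
]

if __name__ == "__main__":
    for original, scrubbed in zip(SAMPLE_LOG_LINES, log_through_filter(SAMPLE_LOG_LINES)):
        flag = "SECRET " if contains_secret(original) else "clean  "
        print(flag, scrubbed)
```

The filter is the stop gap the thread describes: it can only scrub shapes it knows about, so `contains_secret` doubles as an audit check over logs already written, and a crash dump in a format none of the patterns anticipate still lands in the file. The durable fix remains the one described later in the thread, keeping the credential out of the printable process state in the first place.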
Re: Printing passwords in Couch log files?
100% agree that we shouldn't but it's hard to guarantee it never happens, hence the warning. Passwords are held in process state so we can authenticate to remote sources and targets while replicating. Crashes of those processes write state dumps to the log.

We can do better but it will involve some re-engineering of internals. We'll get it done but, for now, we can only warn you about the problem.

Sent from my iPhone

> On 15 Sep 2016, at 11:44, Paul Hammant wrote:
>
> In http://guide.couchdb.org/draft/security.html it is disclosed that
> passwords are written to the log if the debug level is 'debug' level. I'm
> not sure that's good practice. I do not think Couch should log passwords
> at any log level, and I think others might agree.
>
> At the very least it should be a specific setting in the config:
>
> [log]
> level = debug
> log-passwords = false // proposed :)
>
> Thoughts?
>
> - Paul