Re: Printing passwords in Couch log files?

2016-09-16 Thread Paul Hammant
That's great to hear. I'm just pleased I got an excuse to play on http://regex101.com for 5 mins :)
Sent from my iPhone
> On Sep 16, 2016, at 11:11 AM, Paul Davis wrote:
>
> Huh. That's actually not a terrible idea to try and filter it at the
> log level as well.

Re: Printing passwords in Couch log files?

2016-09-16 Thread Paul Davis
Huh. That's actually not a terrible idea to try and filter it at the log level as well. For background there's a thing you can do that allows you to not print the state of some processes which is where we've always focused. But maybe keying on something a bit more specific before logging it might

Re: Printing passwords in Couch log files?

2016-09-15 Thread Paul Hammant
So it is user-creation (debug log level) and crashes. I was thinking an exclusion regex might do it for the former
sed 's/.ini', Config: (.*)},"\S*"}'\n/.ini', Config: \1},"--redacted--"}'\n/'
With a config option:
[log]
level = debug
log-sed-redaction=s/.ini', Config:

Re: Printing passwords in Couch log files?

2016-09-15 Thread Robert Newson
100% agree that we shouldn't but it's hard to guarantee it never happens, hence the warning. Passwords are held in process state so we can authenticate to remote sources and targets while replicating. Crashes of those processes write state dumps to the log. We can do better but it will

Printing passwords in Couch log files?

2016-09-15 Thread Paul Hammant
In http://guide.couchdb.org/draft/security.html it is disclosed that passwords are written to the log if the debug level is 'debug' level. I'm not sure that's good practice. I do not think Couch should log passwords at any log level, and I think others might agree. At the very least it should be