On Feb 18, 2014, at 10:18 AM, Jason Winshell <[email protected]> wrote:
> (2) the user:password would never be exposed to user other than the server
> administrator on the backup.

If this is a persistent replication, you'd need to secure the '_replicator' database against unauthorized access, since the URL is a property of the replication document. The _replicator database seems to be world-readable by default, but AFAIK you can lock it down the same way you would other databases, i.e. by configuring its security object.

—Jens
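An added example, not part of the original message: a small offline audit that flags replication documents whose source or target URL embeds a password while the database's security object leaves it readable by anyone. The sample documents, hostnames and function names are constructed for illustration; the admin-only security object shown is one possible lockdown, not a setting taken from the thread.

```python
from urllib.parse import urlsplit

# Constructed sample data: an unset security object and two replication documents.
DEFAULT_SECURITY = {}
SAMPLE_DOCS = [
    {"_id": "backup_pull", "continuous": True, "target": "app",
     "source": "https://repl:s3cret@primary.example.com:6984/app"},
    {"_id": "no_creds", "target": "app",
     "source": {"url": "https://primary.example.com:6984/app"}},
]

# Security object restricting the database to server admins; this is the
# JSON body for PUT /_replicator/_security (assumed policy, adjust roles as needed).
LOCKED_SECURITY = {
    "admins": {"names": [], "roles": ["_admin"]},
    "members": {"names": [], "roles": ["_admin"]},
}


def is_world_readable(security):
    """A database with no member names and no member roles is readable by anyone."""
    members = (security or {}).get("members") or {}
    return not members.get("names") and not members.get("roles")


def fields_with_credentials(doc):
    """Return the endpoint fields of a replication document whose URL embeds a password."""
    hits = []
    for field in ("source", "target"):
        value = doc.get(field)
        # An endpoint is either a plain string or an object with a "url" key.
        url = value.get("url") if isinstance(value, dict) else value
        if isinstance(url, str) and urlsplit(url).password is not None:
            hits.append(field)
    return hits


def exposed_credentials(security, docs):
    """List (doc id, field) pairs whose embedded password any reader can see."""
    if not is_world_readable(security):
        return []
    return [(d["_id"], f) for d in docs for f in fields_with_credentials(d)]


if __name__ == "__main__":
    print("before:", exposed_credentials(DEFAULT_SECURITY, SAMPLE_DOCS))
    print("after: ", exposed_credentials(LOCKED_SECURITY, SAMPLE_DOCS))
```

To run it against a live server, feed it the JSON returned by GET /_replicator/_security and the documents from GET /_replicator/_all_docs?include_docs=true.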
