[
https://issues.apache.org/jira/browse/COUCHDB-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15174128#comment-15174128
]
ASF subversion and git services commented on COUCHDB-2949:
----------------------------------------------------------
Commit fc49a366cb51522bc2be8c2aa022cd9636528c9c in couchdb-couch-replicator's
branch refs/heads/master from [~kzx]
[
https://git-wip-us.apache.org/repos/asf?p=couchdb-couch-replicator.git;h=fc49a36
]
Do not crash in couch_replicator:terminate/2 if a local dbname is used.
Even though local source or target database names are not valid
for replication in CouchDB 2.0, do not crash when trying to
strip credentials. Replicator process has to terminate properly
in order to report the error in the replication document for
user feedback.
JIRA: COUCHDB-2949
This closes #28
Signed-off-by: Mike Wallace <[email protected]>
> Replications which fail to start dump creds into the logs
> ---------------------------------------------------------
>
> Key: COUCHDB-2949
> URL: https://issues.apache.org/jira/browse/COUCHDB-2949
> Project: CouchDB
> Issue Type: Bug
> Components: Replication
> Reporter: Mike Wallace
> Fix For: 2.0.0
>
>
> If a replication fails to start then the `#rep` record is logged [1]. This
> can contain credentials in either the source or target `#httpdb` records,
> either in urls or the authorization header.
> This can be reproduced by posting a replication document which specifies a
> replication from a database that doesn't exist and following the logs, e.g.:
> https://gist.github.com/mikewallace1979/757a48bce6b84fbf080c
> Note that the creds are exposed both when they are in the source/target url
> or in the `Authorization` header.
> [1]
> https://github.com/apache/couchdb-couch-replicator/blob/master/src/couch_replicator.erl#L519-L520
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
