[jira] [Created] (COUCHDB-1314) Couchdb _replicator documents should not show passwords in clear text

Thu, 20 Oct 2011 14:52:39 -0700 

Couchdb _replicator documents should not show passwords in clear text
---------------------------------------------------------------------

                 Key: COUCHDB-1314
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1314
             Project: CouchDB
          Issue Type: Improvement
          Components: Replication
    Affects Versions: 1.1
            Reporter: Dario Freire
            Priority: Critical


The documents stored in the _replicator database show passwords in clear text.

Imagine a scenario where a developer provides a couchdb app that runs in a 
central location and must synchronize with user's local couchdb instances.
The users would need to pull updates to their database by adding a document to 
_replicator:

{
    "_id": "great-app",
    "source":  "http://great-app-provider.com:5984/great-app";,
    "target":  "my-great-app",
    "create_target":  true
}

Now if the developer doesn't want his central couchdb instance to be public, he 
needs to protect it by creating an admin party.
The problem is that he cannot longer share his database for replication because 
doing so would reveal the admin credentials to the app users.
i.e. in order for the synchronization to work the users would need to update 
their _replicator documents to:

{
    "_id": "great-app",
    "source":  "http://admin:passw...@great-app-provider.com:5984/great-app";,
    "target":  "my-great-app",
    "create_target":  true
}

All in plain text.
Thus, the users would know how to access the restricted central couchdb 
instance.

This is just a possible scenario where showing credentials in plain text is a 
problem, but by no means is the only scenario where it is a problem.

Since one of the "selling points" of couchdb is its outstanding ability to 
synchronize databases, the security concerns caused by this issue make it 
impossible to use in practice. 
Because of this, it looks like an improvement on this matter is of critical 
importance.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to