Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-14629

XDCR: Use metakv sensitive APIs to set/add sensitive info.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 4.0.0
    • 4.0.0
    • XDCR
    • Security Level: Public
    • None
    • Untriaged
    • Unknown

    Description

      metakv has now following two new APIs to set and add paths that store
      sensitive information e.g. passwords.

      1. SetSensitive(path string, value []byte, rev interface{})
      2. AddSensitive(path string, value []byte)

      Also, please do not display sensitive info in log files. I see goxdcr log displays passwords (cut-n-paste below).

      AdminPort 2015-04-16T17:15:46.020-07:00 [INFO] doCreateRemoteClusterRequest$
      AdminPort 2015-04-16T17:15:46.020-07:00 [INFO] Request params: justValidate=false, remoterClusterRef=

      {remoteCluster/39cfb7cd7bac82eb471e644b6689c14a 39cfb7cd7bac82eb471e644b6689c14a backup 127.0.0.1:9002 Administrator asdasd false [] <nil>}

      The new API and other changes in ns_server/metakv for storing sensitive info
      were checked in under MB-14096.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MB-14144 GoXDCR: Rest passwords leaked in goxdcr.log

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              yu Yu Sui (Inactive)
              poonam Poonam Dhavale
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty