Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-17469

[FTS] cbft should never log passwords

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 4.5.0
    • 4.5.0
    • cbft
    • Security Level: Public
    • Untriaged
    • Unknown

    Description

      Passwords and auth info might appear in JSON and other places which are logged to stdout/stderr.

      Those should be replace with "*********" or equivalent scrubbing of sensitive auth info.

      The actual strings that users search for can also be considered sensitive information but need different handling so there's another ticket for that.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MB-17576 [FTS] Scrub logs of sensitive info from queries

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MB-16039 Security Hardening

          • Major - Major loss of function.
          • Open
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              steve Steve Yen
              steve Steve Yen
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty