Details
-
Bug
-
Resolution: Won't Fix
-
Major
-
4.5.0
-
All
-
Triaged
-
Unknown
Description
Queries in the query workbench are stored unencrypted and not user identity specifically in browser localstorage and not cleared. This is a potential security risk. Localstorage persists independently of Couchbase.
For Example:
[key]
CouchbaseQueryWorkbenchState_localhost:8091
[value]
{"pastQueries":[{"status":"cached query","resultCount":"0","resultSize":"0","result":"
","data":
{"data_not_cached":"hit execute to rerun query"},"query":"SELECT _id,\n (SELECT _id,_type,active,address,company,createdON,name,`password`,phone \n FROM `comply` USE KEYS c.assignedTo)[0] AS assignedTo, \n createdON, description,history,name,\n (SELECT _id,_type,active,address,company,createdON,name,`password`,phone \n FROM`comply` USE KEYS c.owner)[0] as owner,\n (SELECT _id,_type,active,address,company,createdON,name,`password`,phone \n FROM `comply` USE KEYS c.users) AS users, \n permalink FROM `comply` c WHERE c.assignedTo='ian@couchbase.com'","elapsedTime":"","executionTime":""},{"status":"cached query","resultCount":"0","resultSize":"0","result":"
","data":
{"data_not_cached":"hit execute to rerun query"},"query":"create primary index p1 on `travel-sample`","elapsedTime":"","executionTime":""},{"status":"cached query","resultCount":"0","resultSize":"0","result":"
","data":
{"data_not_cached":"hit execute to rerun query"},"query":"SELECT COUNT
from `travel-sample`","elapsedTime":"","executionTime":""}],"outputTab":1,"limit":
,"currentQueryIndex":2,"lastResult":{"status":"cached query","resultCount":"0","resultSize":"0","result":"
{\"data_not_cached\": \"hit execute to rerun query\"}","data":
{"data_not_cached":"hit execute to rerun query"},"query":"SELECT COUNT from `travel-sample`","elapsedTime":"","executionTime":""}}