Uploaded image for project: 'CouchDB'
  1. CouchDB
  2. COUCHDB-1314

Couchdb _replicator documents should not show passwords in clear text




      The documents stored in the _replicator database show passwords in clear text.

      Imagine a scenario where a developer provides a couchdb app that runs in a central location and must synchronize with user's local couchdb instances.
      The users would need to pull updates to their database by adding a document to _replicator:

      "_id": "great-app",
      "source": "http://great-app-provider.com:5984/great-app",
      "target": "my-great-app",
      "create_target": true

      Now if the developer doesn't want his central couchdb instance to be public, he needs to protect it by creating an admin party.
      The problem is that he cannot longer share his database for replication because doing so would reveal the admin credentials to the app users.
      i.e. in order for the synchronization to work the users would need to update their _replicator documents to:

      "_id": "great-app",
      "source": "http://admin:password@great-app-provider.com:5984/great-app",
      "target": "my-great-app",
      "create_target": true

      All in plain text.
      Thus, the users would know how to access the restricted central couchdb instance.

      This is just a possible scenario where showing credentials in plain text is a problem, but by no means is the only scenario where it is a problem.

      Since one of the "selling points" of couchdb is its outstanding ability to synchronize databases, the security concerns caused by this issue make it impossible to use in practice.
      Because of this, it looks like an improvement on this matter is of critical importance.




            Unassigned Unassigned
            dfreire Dario Freire
            0 Vote for this issue
            1 Start watching this issue