benoitc / erica

tool to manage couchapps
Apache License 2.0
269 stars 30 forks

erica push insecurely echoes password to console #83

Open edrex opened 10 years ago

edrex commented 10 years ago
% erica push . default
==> couchapp (push)
==> Successfully pushed. You can browse it at: http://myuser:mypassword@127.0.0.1:5984/mydb/_design/myapp/_rewrite/

This is a shoulder-surfing risk. It would be better to strip at least the password from the URL.
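
One way to strip the password before the success message is printed, as an added example rather than erica's own code. The module `redact_url` and its functions are hypothetical names, and it assumes Erlang/OTP 21 or later for the standard `uri_string` module.

```erlang
%% Added example; module and function names are hypothetical, not erica's.
-module(redact_url).
-export([redact/1, demo/0]).

-define(WITHHELD, "<url withheld: could not be parsed>").

%% Replace the password in a URL's userinfo with a fixed marker.
%% The user name stays so the message still identifies the account.
%% Takes and returns an Erlang string (list of characters).
redact(Url) when is_list(Url) ->
    case uri_string:parse(Url) of
        #{userinfo := UserInfo} = Map ->
            %% Split on the first ":" only; a password may contain more.
            case string:split(UserInfo, ":") of
                [User, _Password] ->
                    recompose(Map#{userinfo := User ++ ":REDACTED"});
                [_UserOnly] ->
                    Url                 % userinfo carries no password
            end;
        #{} ->
            Url;                        % no userinfo component at all
        {error, _Reason, _Detail} ->
            ?WITHHELD                   % fail closed: never echo raw input
    end.

%% Rebuild the URL from its parts, withholding it if that fails.
recompose(Map) ->
    case uri_string:recompose(Map) of
        {error, _Reason, _Detail} -> ?WITHHELD;
        Str -> Str
    end.

%% Constructed sample inputs: the URL from the report above, a URL with
%% "@" in the path but no credentials, and a URL with a user name only.
demo() ->
    Urls = ["http://myuser:mypassword@127.0.0.1:5984/mydb/_design/myapp/_rewrite/",
            "http://127.0.0.1:5984/mydb/user@example.org",
            "http://myuser@127.0.0.1:5984/mydb"],
    [io:format("~ts~n", [redact(U)]) || U <- Urls],
    ok.
```

Parsing the URL instead of pattern-matching on `@` keeps an `@` in the path from being mistaken for credentials, and a URL that cannot be parsed is withheld rather than printed as-is.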