From 9d28f9400594107182b661410937b2fec5250d19 Mon Sep 17 00:00:00 2001
From: Xiang Li <xiang.li@coreos.com>
Date: Mon, 16 Mar 2015 22:35:01 -0700
Subject: [PATCH] etcdserver/etcdhttp: do not return back the password of a
 user

---
 etcdserver/etcdhttp/client_security.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etcdserver/etcdhttp/client_security.go b/etcdserver/etcdhttp/client_security.go
index a43a6fbf6..dda4c9b10 100644
--- a/etcdserver/etcdhttp/client_security.go
+++ b/etcdserver/etcdhttp/client_security.go
@@ -266,6 +266,7 @@ func (sh *securityHandler) forUser(w http.ResponseWriter, r *http.Request, user
 			return
 		}
 		u.Password = ""
+
 		err = json.NewEncoder(w).Encode(u)
 		if err != nil {
 			log.Println("etcdhttp: forUser error encoding on", r.URL)
@@ -288,6 +289,8 @@ func (sh *securityHandler) forUser(w http.ResponseWriter, r *http.Request, user
 			writeError(w, err)
 			return
 		}
+		newuser.Password = ""
+
 		w.WriteHeader(http.StatusCreated)
 		err = json.NewEncoder(w).Encode(newuser)
 		if err != nil {