couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Trivial Update of "Security_Features_Overview" by JavierCandeira
Date Tue, 12 Nov 2013 15:24:47 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Security_Features_Overview" page has been changed by JavierCandeira:
https://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=40&rev2=41

Comment:
typography

  
  '''Note:''' If you are using CouchDB versions 1.1.x or earlier, please see "Generating password_sha"
below for more about the SHA-1 hash.
  
- Since CouchDB 1.2.0, the `password_sha` and `salt` fields are automatically created when
a `password` field is present in the user document. When the user document is written, CouchDB
checks for the existence of the `password` field and if it exists, it will generate a salt,
hash the value of the `password field and hash the concatenation of the password hash and
the salt. It then writes the resulting password into the `password_sha` field and the salt
into the `salt` field. The `password` field is removed.
+ Since CouchDB 1.2.0, the `password_sha` and `salt` fields are automatically created when
a `password` field is present in the user document. When the user document is written, CouchDB
checks for the existence of the `password` field and if it exists, it will generate a salt,
hash the value of the `password field` and hash the concatenation of the password hash and
the salt. It then writes the resulting password into the `password_sha` field and the salt
into the `salt` field. The `password` field is removed.
  
  This has the following implications: Clients no longer have to calculate the password salt
and hash manually. Yay.
  

Mime
View raw message