couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnew...@apache.org
Subject [23/50] documentation commit: updated refs/heads/import-master to fe7f7bf
Date Thu, 10 Jul 2014 09:47:22 GMT
Verify that auth-related properties are well-formed

Passing unexpected values to auth fields can result in server
issues. Notably, setting "iterations" to a string will cause an
infinite loop as the comparison 'when Iteration > Iterations' will
never evaluate to true.

The latest validate_doc_update prevents user docs with this problem
and administrators can deploy that check themselves (and only
administrators can edit design documents).

A server administrator can also insist on lower and upper bounds for
iteration count to reject weakly protected passwords and
resource-hungry passwords respectively.

COUCHDB-2221


Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/9d61faff
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/9d61faff
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/9d61faff

Branch: refs/heads/import-master
Commit: 9d61faff2a31bcc39bb9009a6126ece300fff23e
Parents: 1d31c3a
Author: Robert Newson <rnewson@apache.org>
Authored: Sun Apr 6 18:31:15 2014 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Sun Apr 6 22:09:54 2014 +0100

----------------------------------------------------------------------
 src/config/auth.rst | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/9d61faff/src/config/auth.rst
----------------------------------------------------------------------
diff --git a/src/config/auth.rst b/src/config/auth.rst
index 4127288..8311140 100644
--- a/src/config/auth.rst
+++ b/src/config/auth.rst
@@ -166,6 +166,30 @@ Authentication Configuration
       [couch_httpd_auth]
       iterations = 10000
 
+  .. config:option:: min_iterations :: Minimum PBKDF2 iterations count
+
+    .. versionadded:: 1.6
+
+    The minimum number of iterations allowed for passwords hashed by
+    the PBKDF2 algorithm. Any user with fewer iterations is forbidden.
+
+    ::
+
+      [couch_httpd_auth]
+      min_iterations = 100
+
+  .. config:option:: max_iterations :: Maximum PBKDF2 iterations count
+
+    .. versionadded:: 1.6
+
+    The maximum number of iterations allowed for passwords hashed by
+    the PBKDF2 algorithm. Any user with greater iterations is forbidden.
+
+    ::
+
+      [couch_httpd_auth]
+      max_iterations = 100000
+
 
   .. config:option:: proxy_use_secret :: Force proxy auth use secret token
 


Mime
View raw message