couchdb-commits mailing list archives

From rnew...@apache.org
Subject [35/50] couchdb commit: updated refs/heads/master to 6526051
Date Thu, 10 Jul 2014 14:51:08 GMT
Verify that auth-related properties are well-formed

Passing unexpected values to auth fields can result in server
issues. Notably, setting "iterations" to a string will cause an
infinite loop as the comparison 'when Iteration > Iterations' will
never evaluate to true.

The latest validate_doc_update prevents user docs with this problem
and administrators can deploy that check themselves (and only
administrators can edit design documents).

A server administrator can also insist on lower and upper bounds for
iteration count to reject weakly protected passwords and
resource-hungry passwords respectively.

COUCHDB-2221


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/7439833e
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/7439833e
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/7439833e

Branch: refs/heads/master
Commit: 7439833ea51ac1436f341c7aab6e8de1fe4a2a18
Parents: a05ec6d
Author: Robert Newson <rnewson@apache.org>
Authored: Sun Apr 6 18:31:15 2014 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Wed May 21 17:08:11 2014 +0100

----------------------------------------------------------------------
 etc/couchdb/default.ini.tpl.in | 2 ++
 1 file changed, 2 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/7439833e/etc/couchdb/default.ini.tpl.in
----------------------------------------------------------------------
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 65ebf78..18516ba 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -67,6 +67,8 @@ timeout = 600 ; number of seconds before automatic logout
 auth_cache_size = 50 ; size is number of cache entries
 allow_persistent_cookies = false ; set to true to allow persistent cookies
 iterations = 10000 ; iterations for password hashing
+; min_iterations = 1
+; max_iterations = 1000000000
 
 [cors]
 credentials = false
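
Review bot: the two added lines, `; min_iterations = 1` and `; max_iterations = 1000000000`, are the only entries in this block without a trailing description, and the values shown bound almost nothing. A floor of 1 does not reject a weakly protected password and a ceiling of 1000000000 still admits a very resource-hungry one, which are the two cases the commit message says the bounds exist for. Suggest adding a `; ...` description to each line that says what is enforced and whether the commented-out value is the effective default when the key is unset, and stating how the bounds relate to `iterations = 10000` on the line above. If these are meant only as placeholders, a tighter illustrative range would make the template more useful to administrators who uncomment it as-is.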

