couchdb-dev mailing list archives

From Benoit Chesneau <>
Subject Re: Auth Roadmap
Date Fri, 12 Feb 2010 12:20:29 GMT
On Fri, Feb 12, 2010 at 7:10 AM, Chris Anderson <> wrote:
> On Tue, Feb 9, 2010 at 2:52 PM, Chris Anderson <> wrote:
>> Devs,
>> I've been getting a lot of feedback about the authentication &
>> authorization work that I did over the holidays and over the last few
>> weeks. There are also some enhancements I've been thinking about for a
>> while. Here's a quick list of what I see as the important things to
>> do. I'm not concerned here with releases / feature freeze etc as in my
>> opinion CouchDB development is expected to continue even after we
>> reach 1.0.
>> 1) Extensible password storage.
>> Thanks Brian Candler for the links to the OpenLDAP style of storage. I
>> think we should do this asap so we don't have to worry about backwards
>> compatibility with the current storage mechanism until the end of
>> time. The relevant message:
> I'm helping Filipe Manana with an implementation of this, which will
> be backwards compatible with existing admin passwords (stored in
> config). We won't try to be backwards compatible with old _users dbs
> (it should be simple to write an upgrade script if you have crucial
> data). This doesn't need to block 0.11 but it could go in 0.11.1 as
> it'd be nice to get it out there for people who want better crypto.

Actually I think I would prefer a json object so we don't have to
parse string as such


  "auth-type": "bcrypt-sha1",
  "key": ...

and in ini

{ "bcrypt-sha1", "couch_httpd_auth", "brcrypt_sha1_encode",
"brcrypt_sha1_decode" }

Something like it. Which is basically the same as having all in one
string but is more jsonful. Also it removes the need to parse the
string or do more pattern matching than needed.

Is there any ticket open about it?

- benoît
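
Added example, not part of the original message and not CouchDB code: a scheme registry that verifies a credential stored either as an OpenLDAP-style "{SCHEME}data" string or as the JSON object form with "auth-type" and "key" discussed in this thread. The scheme names "ssha" and "pbkdf2-sha256", the PBKDF2 key layout, and all function names are assumptions; PBKDF2 stands in for the thread's bcrypt-sha1 so the code runs on the Python standard library alone.

```python
import base64, hashlib, hmac, os

# Hypothetical handlers: each scheme supplies an encode and a verify function.
def ssha_encode(password, salt=None):
    salt = salt or os.urandom(8)
    # OpenLDAP SSHA layout: base64(sha1(password + salt) + salt)
    return base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

def ssha_verify(password, key):
    raw = base64.b64decode(key)
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def pbkdf2_encode(password, salt=None, rounds=100_000):
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, rounds)
    return "%d$%s$%s" % (rounds, salt.hex(), dk.hex())  # assumed key layout

def pbkdf2_verify(password, key):
    rounds, salt, dk = key.split("$")
    calc = hashlib.pbkdf2_hmac("sha256", password, bytes.fromhex(salt), int(rounds))
    return hmac.compare_digest(calc, bytes.fromhex(dk))

# Registry keyed by scheme name, playing the role of the ini tuple
# {name, module, encode_fun, decode_fun} sketched in the message.
SCHEMES = {
    "ssha": (ssha_encode, ssha_verify),
    "pbkdf2-sha256": (pbkdf2_encode, pbkdf2_verify),
}

def parse_stored(stored):
    """Normalize either representation to (scheme, key)."""
    if isinstance(stored, dict):  # JSON object form: no string parsing needed
        return stored["auth-type"].lower(), stored["key"]
    if stored.startswith("{") and "}" in stored:  # "{SCHEME}data" string form
        scheme, key = stored[1:].split("}", 1)
        return scheme.lower(), key
    raise ValueError("unrecognized credential format")

def store(password, scheme):
    return {"auth-type": scheme, "key": SCHEMES[scheme][0](password.encode())}

def verify(password, stored):
    try:
        scheme, key = parse_stored(stored)
        # Unknown scheme or malformed key fails closed, never falls back.
        return scheme in SCHEMES and SCHEMES[scheme][1](password.encode(), key)
    except (ValueError, KeyError):
        return False
```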