couchdb-dev mailing list archives

From Noah Slater <nsla...@apache.org>
Subject Re: Configuration Load Order
Date Mon, 15 Aug 2011 17:36:49 GMT

On 15 Aug 2011, at 18:32, Jan Lehnardt wrote:

> 1. Write admin = password to local.ini
> 2. Restart CouchDB
> 3. Hash gets persisted to generated.ini
> 4. Plain text password remains in local.ini

Which one of these steps is the problem? 4? What would you have happen in place of that? That
the plain text password be removed? Could we not simply leave that up to the admin to remove
it from the config? What if it is needed again at some point? If I put my plain text password
in a config file that I had edited by hand on a server, I would not expect it to be removed
by the software. If I was concerned about saving the plain text password in the first place,
I would hope that the software in question would come with an interactive prompt that would
ask me for my password and write the hash out to the file for me.