couchdb-dev mailing list archives

From Noah Slater
Subject Re: Configuration Load Order
Date Tue, 16 Aug 2011 18:31:48 GMT

On 16 Aug 2011, at 10:33, Benoit Chesneau wrote:

> Imo we shouldn't at all provide plaintext passwords. Maybe a safer
> option would be to let the admin create the first one via http or put
> the hash in a password.ini file manually. If we are kind enough we
> could also provide a couchctl script allowing user management, config
> changes ... ?

This sounds like a decent proposal. Much like you have to use htpasswd to generate passwords
for Apache httpd, we could bundle a script that lets you generate passwords for the CouchDB
ini files, and then forbid the use of plaintext. This solves both the technical problem (I
think?) and helps us reinforce better security practices across the board.
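A sketch of the htpasswd-style helper proposed in this message, added here as an example; it is not code from the thread or from the CouchDB project. The `[admins]` section name, the `-pbkdf2-<key>,<salt>,<iterations>` value layout, the PBKDF2-HMAC-SHA256 choice and all function names are assumptions made for illustration.

```python
import configparser
import hashlib
import hmac
import secrets

PREFIX = "-pbkdf2-"    # assumed marker for a hashed ini value (hypothetical layout)
ITERATIONS = 200_000   # assumed work factor


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return '-pbkdf2-<key hex>,<salt hex>,<iterations>' for pasting into an ini file."""
    salt = salt or secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}{key.hex()},{salt.hex()},{iterations}"


def verify_password(password, stored):
    """Check a candidate password against a stored ini value."""
    if not stored.startswith(PREFIX):
        return False  # plaintext entries never authenticate
    try:
        _key_hex, salt_hex, iters = stored[len(PREFIX):].split(",")
        expected = hash_password(password, bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False  # malformed entry
    return hmac.compare_digest(expected, stored)


def plaintext_admins(ini_text, section="admins"):
    """Return the names in the section whose value is not a hashed entry."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section(section):
        return []
    return [name for name, value in cp.items(section) if not value.startswith(PREFIX)]


# Constructed sample config: one hashed admin, one plaintext admin.
SAMPLE_INI = "[admins]\nalice = " + hash_password("correct horse") + "\nbob = hunter2\n"

if __name__ == "__main__":
    import getpass
    print(hash_password(getpass.getpass("New admin password: ")))
```

A server that forbids plaintext would refuse to start while `plaintext_admins` returns a non-empty list, instead of silently accepting the entry.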