couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <randall.le...@gmail.com>
Subject Re: Configuration Load Order
Date Tue, 16 Aug 2011 22:03:40 GMT
On Tue, Aug 16, 2011 at 11:33, Jan Lehnardt <jan@apache.org> wrote:

>
> On Aug 16, 2011, at 8:31 PM, Noah Slater wrote:
>
> >
> > On 16 Aug 2011, at 10:33, Benoit Chesneau wrote:
> >
> >> Imo we shouldn't at all provide plaintext passwords. Maybe a safer
> >> option would be to let the admin create the first one via http or put
> >> the hash in the a password.ini file manually. If we are enough kind we
> >> could also provide a couchctl script allowing user management, config
> >> changes ... ?
> >
> > This sounds like a decent proposal. Much like you have to use htpasswd to
> generate passwords for Apache httpd, we could bundle a script that lets you
> generate passwords for the CouchDB ini files, and then forbid the use of
> plaintext. This solves both the technical problem (I think?) and helps us
> re-enforce better security practices across the board.
>
> Agreed.
>
>
Agreed also. We still have a question about load and save order.
One idea would be to track the .ini file from whence an option came. If an
option comes from a local.ini or local.d/ file it could be updated in place.
If it comes from a default.ini or default.d/ file, updates should be placed
in local.ini. This would make the most sense to me.

I would also be in favor of enforcing a load order that supports a directory
structure like:
local.d/
  010-stuff.ini
  020-others.ini

We don't need to ship anything like that by default. I think right now we
take the load directories on the command line, no? It'd be nice if the order
of resolution within those directories was well specified.

-Randall

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message