couchdb-dev mailing list archives

From Benoit Chesneau <>
Subject Re: Configuration Load Order
Date Wed, 17 Aug 2011 16:04:20 GMT
On Wednesday, August 17, 2011, Jason Smith <> wrote:
> On Wed, Aug 17, 2011 at 10:22 PM, Robert Newson <>
>> Jason,
>> The --set-password thing is to ensure there are no plaintext passwords
>> in the first place, which eliminates the oddness of couch rewriting a
>> plaintext pwd to a digested pwd (and putting the output in a different
>> file).
> Thanks for the clarification.
> If you can read a plaintext password from an .ini file, then you can
> hit the HTTP API as the admin and make changes to the couch. So that
> is privilege escalation.
> To answer Benoit's question, it is simpler to tell admins to use the
> HTTP API (or Futon) to create the admin account. The password is
> stored *somewhere* under the hood. IMHO it is less simple to add a
> command-line tool as a requirement (or worse, as an alternative
> option) to deploy Couch.
> --
It all depends on whether you admin via a console.

couchctl set-password username is way easier than curl -XPUT
http://blah/_users -D... -H... . In the end, if you are a good admin, you
will write this script. Providing useful helpers doesn't break the KISS way.

