couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <...@iriscouch.com>
Subject Re: Configuration Load Order
Date Wed, 17 Aug 2011 14:58:17 GMT
On Wed, Aug 17, 2011 at 9:22 PM, Robert Newson <rnewson@apache.org> wrote:
> <distilled from IRC chat>
>
> A separate password file as described above, but can only be updated thus;
>
> # couchdb --set-password admin
> Password: foo
> Password updated.

What problem is this solving exactly? This thread started because you
edit foo.ini and subsequent changes go to bar.ini.

That foo.ini happens to hold plaintext passwords instead of, say, TCP
nodelay only underscores the problem. But plaintext vs. hashed
passwords is a totally different matter.

But regarding passwords, would you humor me and please re-state the
requirements?

I think it is a solution looking for a problem. Are we talking about
moving *all* passwords to this file (ignoring _user doc .salt and
.password_sha)? Or are we keeping those in sync now? Or is this just
admin passwords? But only admins can see (hashed) passwords over HTTP.
On Unix filesystems, if you have permission to read
/etc/couchdb/local.ini then you very likely have permission to read
/var/lib/couchdb/everything.couch, so what is the point?

Regarding --set-password and couchctl, unless I am missing some
serious requirement (possible), it sounds like CouchDB is poised to
get much more complex soon. I spend all my free time bragging about
how simple it is so that would be quite a blow to my ego.

Thanks.

-- 
Iris Couch

Mime
View raw message