couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Configuration Load Order
Date Tue, 16 Aug 2011 18:33:33 GMT

On Aug 16, 2011, at 8:31 PM, Noah Slater wrote:

> 
> On 16 Aug 2011, at 10:33, Benoit Chesneau wrote:
> 
>> Imo we shouldn't at all provide plaintext passwords. Maybe a safer
>> option would be to let the admin create the first one via http or put
>> the hash in the a password.ini file manually. If we are enough kind we
>> could also provide a couchctl script allowing user management, config
>> changes ... ?
> 
> This sounds like a decent proposal. Much like you have to use htpasswd to generate passwords
for Apache httpd, we could bundle a script that lets you generate passwords for the CouchDB
ini files, and then forbid the use of plaintext. This solves both the technical problem (I
think?) and helps us re-enforce better security practices across the board.

Agreed.

Cheers
Jan
-- 


Mime
View raw message