couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <...@iriscouch.com>
Subject Re: git commit: updated refs/heads/master to c98ba56
Date Sat, 01 Jun 2013 04:32:46 GMT
On Sat, Jun 1, 2013 at 9:14 AM, Randall Leeds <randall.leeds@gmail.com>wrote:

> On Fri, May 31, 2013 at 4:30 PM, Jason Smith <jhs@iriscouch.com> wrote:
> > Hi, Benoit.
> >
> > I did not put this in a branch since it was a single commit. I think I
> > missed that IRC meeting and did not realize the policy.
> >
> > My original implementation assumed a "raw" update if the password had a
> > "-pbkdf2-" prefix. Yes, that means people can no longer have a password
> of
> > literally "-pbkdf2-<etc.>" but I figured CouchDB should DTRT in that one
> > special case.
>
> Isn't that already a restriction in the sense that you can't put a
> plaint-text password in the .ini that starts with -pbkdf2-?
>

Both methods have their own restrictions.

When editing an .ini file, you *can* trivially set a password cyphertext
(just paste it in), but you cannot set a password to literally
"-pbkdf2-...". (You could calculate the hash yourself and then paste that.)

When using the API, you *can* trivially set a password to literal
"-pbkdf2-..." but you cannot set the password to some cyphertext, as-is.
(And reversing the hash back to the plaintext is impossible.)

In other words, even if you are admin on couch A and admin on couch B, you
cannot synchronize the admin passwords using the API.


> > The new way (?raw=true), the API is explicit rather than implicit. That
> is
> > "simple" in its own way.
>

> But less simple in that it's a new parameter and new feature (assuming
> what I said before is correct -- that it was not possible via the .ini
> to have this kind of password). I'm leaning toward Benoit's suggestion
> on this one.
>

‚ÄčI agree with Benoit too. However, I brought this up on IRC and literally
every person there had their own opinion. (Dikjan had a cool idea of
sending an object instead of a string.) It was a textbook bike shed.

Somebody made a decent argument that Couch should not "DWIM" depending on
the content of your config value. That way would change the API (in a rare
situation, I admit). With the "raw" option, the API is merely extended.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message