couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From KlausTrainer <>
Subject [GitHub] couchdb pull request: Upgrade password hashes on authentication
Date Wed, 19 Feb 2014 21:52:09 GMT
Github user KlausTrainer commented on a diff in the pull request:
    --- Diff: share/www/script/couch_test_runner.js ---
    @@ -462,7 +462,11 @@ CouchDB.prepareUserDoc = function(user_doc, new_password) {
       if (new_password) {
         // handle the password crypto
         user_doc.salt = CouchDB.newUuids(1)[0];
    -    user_doc.password_sha = hex_sha1(new_password + user_doc.salt);
    +    user_doc.password_scheme = "pbkdf2";
    --- End diff --
    I did some research on the question why password hashing is done on the client in the
tests, and found no good reason for that.  I therefore removed it (see,
but would like to keep that change separate from this issue here.

If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. To do so, please top-post your response.
If your project does not have this feature enabled and wishes so, or if the
feature is enabled but not working, please contact infrastructure at or file a JIRA ticket with INFRA.

View raw message