couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From KlausTrainer <...@git.apache.org>
Subject [GitHub] couchdb pull request: Upgrade password hashes on authentication
Date Wed, 19 Feb 2014 21:52:09 GMT
Github user KlausTrainer commented on a diff in the pull request:

    https://github.com/apache/couchdb/pull/152#discussion_r9885241
  
    --- Diff: share/www/script/couch_test_runner.js ---
    @@ -462,7 +462,11 @@ CouchDB.prepareUserDoc = function(user_doc, new_password) {
       if (new_password) {
         // handle the password crypto
         user_doc.salt = CouchDB.newUuids(1)[0];
    -    user_doc.password_sha = hex_sha1(new_password + user_doc.salt);
    +    user_doc.password_scheme = "pbkdf2";
    --- End diff --
    
    I did some research on the question why password hashing is done on the client in the
tests, and found no good reason for that.  I therefore removed it (see https://github.com/apache/couchdb/pull/154),
but would like to keep that change separate from this issue here.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. To do so, please top-post your response.
If your project does not have this feature enabled and wishes so, or if the
feature is enabled but not working, please contact infrastructure at
infrastructure@apache.org or file a JIRA ticket with INFRA.
---

Mime
View raw message