couchdb-dev mailing list archives

From "Javier Candeira (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-2367) Eliminate plaintext passwords altogether
Date Wed, 08 Oct 2014 23:03:34 GMT
Javier Candeira created COUCHDB-2367:
----------------------------------------

             Summary: Eliminate plaintext passwords altogether
                 Key: COUCHDB-2367
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2367
             Project: CouchDB
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: Database Core
            Reporter: Javier Candeira


In discussion about https://issues.apache.org/jira/browse/COUCHDB-2364, rnewson and candeira
agreed on:

<+rnewson> Maybe spend a little more time on the idea that we remove support for plaintext
passwords entirely?
<+rnewson> I dislike the hash-on-startup thing.
<+rnewson> we could insist that you set up admins via PUT _config
<+rnewson> and remove the hash_unhashed_admins function, and also ignore non-hashed
lines in config
<+rnewson> couchdb 2.0 could simply require the hashed version from the start (and we'd
supply a hashing tool akin to htpasswd in httpd), or 
< kandinski> what about PUT _config, it would still exist?
<+rnewson> absolutely, yes.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
