couchdb-dev mailing list archives

From "Robert Newson (JIRA)" <>
Subject [jira] [Assigned] (COUCHDB-2367) Eliminate plaintext passwords altogether
Date Wed, 08 Oct 2014 23:07:34 GMT


Robert Newson reassigned COUCHDB-2367:

    Assignee: Javier Candeira

all yours!

> Eliminate plaintext passwords altogether
> ----------------------------------------
>                 Key: COUCHDB-2367
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Javier Candeira
>            Assignee: Javier Candeira
> In discussion about, rnewson and candeira agreed on:
> <+rnewson> Maybe spent a little more time on the idea that we remove support for plaintext passwords entirely?
> <+rnewson> I dislike the hash-on-startup thing.
> <+rnewson> we could insist that you set up admins via PUT _config
> <+rnewson> and remove the hash_unhashed_admins function, and also ignore non-hashed lines in config
> <+rnewson> couchdb 2.0 could simply require the hashed version from the start (and we'd supply a hashing tool akin to htpasswd in httpd), or
> < kandinski> what about PUT _config, it would still exist?
> <+rnewson> absolutely, yes.

This message was sent by Atlassian JIRA
