couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Newson (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (COUCHDB-2367) Eliminate plaintext passwords altogether
Date Wed, 08 Oct 2014 23:07:34 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Newson reassigned COUCHDB-2367:
--------------------------------------

    Assignee: Javier Candeira

all yours!

> Eliminate plaintext passwords altogether
> ----------------------------------------
>
>                 Key: COUCHDB-2367
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2367
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Javier Candeira
>            Assignee: Javier Candeira
>
> In discussion about https://issues.apache.org/jira/browse/COUCHDB-2364, rnewson and candeira
agreed on:
> <+rnewson> Maybe spent a little more time on the idea that we remove support for
plaintext passwords entirely?
> <+rnewson> I dislike the hash-on-startup thing.
> <+rnewson> we could insist that you set up admins via PUT _config
> <+rnewson> and remove the hash_unhashed_admins function, and also ignore non-hashed
lines in config
> <+rnewson> couchdb 2.0 could simply require the hashed version from the start (and
we'd supply a hashing tool akin to htpasswd in httpd), or 
> < kandinski> what about PUT _config, it would still exist?
> <+rnewson> absolutely, yes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message