couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jay Zamboni <jzamb...@vretina.com>
Subject Re: Conflicting password-storage info on the wiki
Date Thu, 10 Nov 2011 22:33:38 GMT
I am using this couchdb jquery plugin (
http://bradley-holt.com/2011/07/couchdb-jquery-plugin-reference/) to create
user accounts.  When creating users this way the information shows up in
_users, not the .ini file.


var userDoc = { _id: "org.couchdb.user:bob", name: "bob" };
$.couch.signup(userDoc, "supersecurepassword", { success:
function(data) {console.log(data); }, error:
function(status) { console.log(status); } });
On Thu, Nov 10, 2011 at 3:02 PM, Adam Kocoloski <kocolosk@apache.org> wrote:

> On Nov 10, 2011, at 5:00 PM, Jens Alfke wrote:
>
> > According to the wiki[1], the documents in the _users database store
> hashed passwords in “password_sha” and “salt” attributes. But when I look
> at my actual running server, _users documents don’t have those fields in
> them, just “name”, “type” and “roles”. Instead, the hashed password seems
> to live in an [admin] section of the local .ini file, as referred to
> elsewhere in the wiki[2].
> >
> > I’m assuming the “Security Features Overview” page [1] is out of date,
> and the hashed passwords were moved out of the database to make them safer
> from attack?
>
> Heh.  No, they're still stored out in the open for anyone to see.  Only
> the server admin passwords are stored in the .ini file.  Did you try
> creating a normal user?  As far as I know that documentation is still
> accurate.
>
> Adam
>
> > If so, what’s the best procedure for adding user accounts
> programmatically? Post to _config first to set up the password, then add
> the user document to _users?
> >
> > —Jens
> >
> > [1]
> http://wiki.apache.org/couchdb/Security_Features_Overview#Authentication_database
> > [2] http://wiki.apache.org/couchdb/Setting_up_an_Admin_account
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message