couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From svilen ...@svilendobrev.com>
Subject Re: passwords
Date Tue, 23 Apr 2013 11:43:42 GMT
so there is an issue about it
https://issues.apache.org/jira/browse/COUCHDB-969

which says "resolved", but looking at 1.2.0 sources - couch_httpd_auth/
basic_name_pw, i don't see any special case (or test). (although i cannot read Erlang well)

i tested with passwords like "//" and "@@", seems to work. So it's only
':' that is the trouble as in the issue above.

ciao
svilen

On Tue, 23 Apr 2013 14:15:47 +0300
svilen <az@svilendobrev.com> wrote:

> g'day
> 
> i am trying to set a user with a password that is not just
> alphanumeric. e.g. "b:@" (or if uri-encoded, b%3A%40)
> 
> but the result of getting the /_users/ doc is always 401-unauthorized.
> 
> if i login in Futon, it seems to work. 
> when i compute the pasword_sha myself and compare to whats in
> user/doc, it matches.
> 
> but http via basic authentication won't let me in.
> e.g. 
> curl -vX GET
> http://auser:b%3A%40@server:5984/_users/org.couchdb.user%3Aauser
> 
> (seems the subject is very tricky and rarely paid attention to in
> various http libraries i looked recently. Everyone just lumps the
> usr+":"+psw and uri-encoding/decoding is left out..)
> 
> any idea of what can be the problem? 
> what is Futon using so i can check the source?
> 
> ciao
> svilen

Mime
View raw message