incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From svilen ...@svilendobrev.com>
Subject Re: passwords
Date Tue, 23 Apr 2013 12:28:15 GMT
i just tested these:
 'h:h' - works
 ':h' - fails
 'h:' - fails

seems ':' at any end breaks it.

On Tue, 23 Apr 2013 13:10:09 +0100
Robert Newson <rnewson@apache.org> wrote:

> Hm, I made an admin 'foo' with password 'foo:bar' just fine (on master
> branch, but this hasn't changed since those fixes I think).
> B.
> 
> On 23 April 2013 12:43, svilen <az@svilendobrev.com> wrote:
> > so there is an issue about it
> > https://issues.apache.org/jira/browse/COUCHDB-969
> >
> > which says "resolved", but looking at 1.2.0 sources -
> > couch_httpd_auth/ basic_name_pw, i don't see any special case (or
> > test). (although i cannot read Erlang well)
> >
> > i tested with passwords like "//" and "@@", seems to work. So it's
> > only ':' that is the trouble as in the issue above.
> >
> > ciao
> > svilen
> >
> > On Tue, 23 Apr 2013 14:15:47 +0300
> > svilen <az@svilendobrev.com> wrote:
> >
> >> g'day
> >>
> >> i am trying to set a user with a password that is not just
> >> alphanumeric. e.g. "b:@" (or if uri-encoded, b%3A%40)
> >>
> >> but the result of getting the /_users/ doc is always
> >> 401-unauthorized.
> >>
> >> if i login in Futon, it seems to work.
> >> when i compute the pasword_sha myself and compare to whats in
> >> user/doc, it matches.
> >>
> >> but http via basic authentication won't let me in.
> >> e.g.
> >> curl -vX GET
> >> http://auser:b%3A%40@server:5984/_users/org.couchdb.user%3Aauser
> >>
> >> (seems the subject is very tricky and rarely paid attention to in
> >> various http libraries i looked recently. Everyone just lumps the
> >> usr+":"+psw and uri-encoding/decoding is left out..)
> >>
> >> any idea of what can be the problem?
> >> what is Futon using so i can check the source?
> >>
> >> ciao
> >> svilen

Mime
View raw message