couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <>
Subject Re: Configuration Load Order
Date Wed, 17 Aug 2011 15:27:50 GMT
On Wednesday, August 17, 2011, Jason Smith <> wrote:
> On Wed, Aug 17, 2011 at 9:22 PM, Robert Newson <> wrote:
>> <distilled from IRC chat>
>> A separate password file as described above, but can only be updated
>> # couchdb --set-password admin
>> Password: foo
>> Password updated.
> What problem is this solving exactly? This thread started because you
> edit foo.ini and subsequent changes go to bar.ini.

because the biggest pb are passwords. local.ini could be then used for what
it should be: local configuration updated via http or not.
> That foo.ini happens to hold plaintext passwords instead of, say, TCP
> nodelay only underscores the problem. But plaintext vs. hashed
> passwords is a totally different matter.
> But regarding passwords, would you humor me and please re-state the
> requirements?
> I think it is a solution looking for a problem. Are we talking about
> moving *all* passwords to this file (ignoring _user doc .salt and
> .password_sha)? Or are we keeping those in sync now? Or is this just
> admin passwords? But only admins can see (hashed) passwords over HTTP.
> On Unix filesystems, if you have permission to read
> /etc/couchdb/local.ini then you very likely have permission to read
> /var/lib/couchdb/everything.couch, so what is the point?

be safer and more logical. passwords shouldn't be put in plain text at all.
> Regarding --set-password and couchctl, unless I am missing some
> serious requirement (possible), it sounds like CouchDB is poised to
> get much more complex soon. I spend all my free time bragging about
> how simple it is so that would be quite a blow to my ego.
> Thanks.
what is the argument against smplicity here?

- benoit

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message