On Wed, Aug 17, 2011 at 9:22 PM, Robert Newson <rnew...@apache.org> wrote: > <distilled from IRC chat> > > A separate password file as described above, but can only be updated thus; > > # couchdb --set-password admin > Password: foo > Password updated.
What problem is this solving exactly? This thread started because you edit foo.ini and subsequent changes go to bar.ini. That foo.ini happens to hold plaintext passwords instead of, say, TCP nodelay only underscores the problem. But plaintext vs. hashed passwords is a totally different matter. But regarding passwords, would you humor me and please re-state the requirements? I think it is a solution looking for a problem. Are we talking about moving *all* passwords to this file (ignoring _user doc .salt and .password_sha)? Or are we keeping those in sync now? Or is this just admin passwords? But only admins can see (hashed) passwords over HTTP. On Unix filesystems, if you have permission to read /etc/couchdb/local.ini then you very likely have permission to read /var/lib/couchdb/everything.couch, so what is the point? Regarding --set-password and couchctl, unless I am missing some serious requirement (possible), it sounds like CouchDB is poised to get much more complex soon. I spend all my free time bragging about how simple it is so that would be quite a blow to my ego. Thanks. -- Iris Couch
