Javier Candeira created COUCHDB-2367:
----------------------------------------
Summary: Eliminate plaintext passwords altogether
Key: COUCHDB-2367
URL: https://issues.apache.org/jira/browse/COUCHDB-2367
Project: CouchDB
Issue Type: Improvement
Security Level: public (Regular issues)
Components: Database Core
Reporter: Javier Candeira
In discussion about https://issues.apache.org/jira/browse/COUCHDB-2364, rnewson
and candeira agreed on:
<+rnewson> Maybe spend a little more time on the idea that we remove support
for plaintext passwords entirely?
<+rnewson> I dislike the hash-on-startup thing.
<+rnewson> we could insist that you set up admins via PUT _config
<+rnewson> and remove the hash_unhashed_admins function, and also ignore
non-hashed lines in config
<+rnewson> couchdb 2.0 could simply require the hashed version from the start
(and we'd supply a hashing tool akin to htpasswd in httpd), or
< kandinski> what about PUT _config, it would still exist?
<+rnewson> absolutely, yes.