rnewson commented on code in PR #4814:
URL: https://github.com/apache/couchdb/pull/4814#discussion_r1388152414


##########
src/couch/src/couch_httpd_auth.erl:
##########
@@ -662,10 +643,14 @@ authenticate(Pass, UserProps) ->
                     couch_util:get_value(<<"password_sha">>, UserProps, nil)
                 };
             <<"pbkdf2">> ->
+                PRF = couch_util:get_value(<<"pbkdf2_prf">>, UserProps, 
<<"sha">>),
+                verify_prf(PRF),
                 Iterations = couch_util:get_value(<<"iterations">>, UserProps, 
10000),
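Review bot: the hard-coded `10000` fallback for `<<"iterations">>` turns a malformed pbkdf2 record (one that reached the `<<"pbkdf2">>` branch but has no iterations field) into a guessed parameter instead of an authentication failure; since the hashing side always writes that field, a missing value signals a corrupted or hand-edited user doc and should fail closed. Consider `couch_util:get_value(<<"iterations">>, UserProps)` and having the iteration check reject `undefined`. The `<<"sha">>` default for `<<"pbkdf2_prf">>` is correct, as hashes written before this change were computed with SHA-1 and carry no prf field. Also, the return value of `verify_prf(PRF)` is discarded, so it must throw on an unknown PRF; a short comment at the call site stating that it is used for its side effect would keep a later reader from assuming the result is silently ignored.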

Review Comment:
   hm, second thoughts on this. the 10000 setting is quite old and for the 
case where UserProps has pbkdf2 hash but has somehow lost its "iterations" 
property. Frankly having a default here makes no sense, so perhaps it should be 
a get_value/2 and then verify_iterations tweaked to fail for `undefined`?
   
   The get_value/3 for pbkdf2_prf on the other hand _is_ right. existing pbkdf2 
hashes will be hashed with `sha` and won't have this new field.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
