According to the wiki[1], the documents in the _users database store hashed passwords in “password_sha” and “salt” attributes. But when I look at my actual running server, _users documents don’t have those fields in them, just “name”, “type” and “roles”. Instead, the hashed password seems to live in an [admin] section of the local .ini file, as referred to elsewhere in the wiki[2].
I’m assuming the “Security Features Overview” page [1] is out of date, and the hashed passwords were moved out of the database to make them safer from attack? If so, what’s the best procedure for adding user accounts programmatically? Post to _config first to set up the password, then add the user document to _users?

—Jens

[1] http://wiki.apache.org/couchdb/Security_Features_Overview#Authentication_database
[2] http://wiki.apache.org/couchdb/Setting_up_an_Admin_account
