On Mon, Aug 15, 2011 at 8:29 PM, Jan Lehnardt <[email protected]> wrote: > > On Aug 15, 2011, at 7:36 PM, Noah Slater wrote: > >> >> On 15 Aug 2011, at 18:32, Jan Lehnardt wrote: >> >>> 1. Write admin = password to local.ini >>> 2. Restart CouchDB >>> 3. Hash gets persisted to generated.ini >>> 4. Plain text password remains in local.ini >> >> Which one of these steps is the problem? 4? What would you have happen in >> place of that? That the plain text password be removed? Could we not simply >> leave that up to the admin to remove it from the config? What if it is >> needed again at some point? If I put my plain text password in a config file >> that I had edited by hand on a server, I would not expect it to be removed >> by the software. If I was concerned about saving the plain text password in >> the first place, I would hope that the software in question would come with >> an interactive prompt that would ask me for my password and write the hash >> out to the file for me. > > I would expect that a plaintext admin password would never survive a server > restart. > > If you want to change the admin-addition procedure to a startup prompt thing, > I'd be happy to consider this, but currently we are stuck between a rock and > a hard place because all the documentation out there suggests adding an admin > to local.ini will do the trick, yet distributions that add config files to > local.d/ will keep plaintext passwords around, contrary to what is > documented. I consider this a bad user experience as well as a security issue. > > I was supporting that local.ini should come after local.d/*.ini, but dev@ > overturned me here and came up with generated.ini, which I'd be fine with, > except, it doesn't solve the original problem. > > Cheers > Jan > --
Imo we shouldn't at all provide plaintext passwords. Maybe a safer option would be to let the admin create the first one via http or put the hash in the a password.ini file manually. If we are enough kind we could also provide a couchctl script allowing user management, config changes ... ? - benoƮt
