On 18 August 2011 00:47, Robert Newson <[email protected]> wrote:
> Oh, that's not what I'm +1 for then.
>
> I specifically mean that passwords are never held in any .ini file,
> but instead in a separate password file that contains nothing but
> passwords, and never plaintext passwords either. It is updated with a
> script which takes username and password, crunches it, and writes it
> to the file. I used 'htpasswd' as shorthand for all of the above but
> clearly was too terse, sorry.

+1 to htpasswd. Self-mutilation is not a good look & contravenes principle of least surprise.

> I quite like your proposal too, though, where only bootstrapping
> (database_dir, etc) are in config and the rest can be read from a
> special _config database (thus eliminating any manual alterations from
> outside _config).
>
> B.

+0. I support minimal ini entries for bootstrapping. Personally when adminning stuff I used svn; storing in couch makes that a script instead of a text file. It's already easy for people to lose DB access by fiddling with rewrite rules; we need to ensure it's reversible and intuitive in case of self-inflicted muppet moments. I'm not convinced the coolness of having everything in a _config.couch outweighs the convenience of vi on .ini.

A+
Dave

> On 17 August 2011 12:29, Noah Slater <[email protected]> wrote:
>>
>> On 16 Aug 2011, at 23:07, Robert Newson wrote:
>>
>>> nice idea to have a separate htpasswd (-like) file. Passwords are
>>> special, let's treat them accordingly.
>>
>> Just to clarify.
>>
>> The proposal you're commenting on only suggests a separate password script
>> that generates hashes which are then put into the regular ini files.
>
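
The separate, hash-only password file discussed in this thread, sketched as an added example that is not part of the thread and not CouchDB code. The record format (`user:pbkdf2-sha256$iterations$salt$hash`), the PBKDF2 parameters and the function names are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, tempfile

ITERATIONS = 600_000  # assumed work factor, not a CouchDB setting

def _hash(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def _read(path):
    """Return {user: record} from the password file (empty if it does not exist)."""
    entries = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                user, sep, record = line.rstrip("\n").partition(":")
                if sep:
                    entries[user] = record
    return entries

def set_password(path, user, password, iterations=ITERATIONS):
    """Add or replace one user's salted hash; the plaintext is never written."""
    if not user or ":" in user or "\n" in user:
        raise ValueError("invalid username")
    entries = _read(path)
    salt = secrets.token_bytes(16)  # fresh salt on every change
    entries[user] = f"pbkdf2-sha256${iterations}${salt.hex()}${_hash(password, salt, iterations)}"
    # mkstemp creates the file owner-only (0600 on POSIX); os.replace then swaps
    # it in atomically, so readers never see a half-written password file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            for name in sorted(entries):
                fh.write(f"{name}:{entries[name]}\n")
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def verify(path, user, password):
    """Check a login attempt against the stored hash in constant time."""
    record = _read(path).get(user)
    if record is None:
        return False
    scheme, iterations, salt_hex, digest = record.split("$")
    if scheme != "pbkdf2-sha256":
        return False
    candidate = _hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, digest)
```

Because the file holds nothing but these records, it can be given tighter permissions than the .ini files and left out of version control while the rest of the configuration stays editable by hand.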
