On Wed, Aug 17, 2011 at 10:22 PM, Robert Newson <[email protected]> wrote:
> Jason,
>
> The --set-password thing is to ensure there are no plaintext passwords
> in the first place, which eliminates the oddness of couch rewriting a
> plaintext pwd to a digested pwd (and putting the output in a different
> file).

Thanks for the clarification. If you can read a plaintext password from an .ini file, then you can hit the HTTP API as the admin and make changes to the couch. So that is privilege escalation.

To answer Benoit's question, it is simpler to tell admins to use the HTTP API (or Futon) to create the admin account. The password is stored *somewhere* under the hood. IMHO it is less simple to add a command-line tool as a requirement (or worse, as an alternative option) to deploy Couch.

-- 
Iris Couch
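
Added example, not part of the original message and not CouchDB's own code: a check for the situation this thread discusses, an `[admins]` entry in an .ini file that still holds a plaintext password. It assumes digested values start with `-hashed-` or `-pbkdf2-`, the prefixes CouchDB writes; the function name, sample file and user names are constructed.

```python
import configparser

# Prefixes CouchDB writes for digested admin passwords: "-hashed-" (salted
# SHA-1, the 1.x format) and "-pbkdf2-" (later releases). Assumption: any
# other value in [admins] is a plaintext password.
HASHED_PREFIXES = ("-hashed-", "-pbkdf2-")

# Constructed sample of a local.ini; names and values are made up.
SAMPLE_INI = """\
[couchdb]
uuid = 00000000000000000000000000000000

[admins]
; written by hand before first start: still plaintext on disk
jason = s3cret-example
; already rewritten by the server
robert = -hashed-0123456789abcdef0123456789abcdef01234567,00112233445566778899aabbccddeeff
"""


def plaintext_admins(ini_text):
    """Return the admin names in [admins] whose value is not a digest."""
    # interpolation=None: a '%' in a password must not be treated as a macro.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep user names case-sensitive
    parser.read_string(ini_text)
    if not parser.has_section("admins"):
        return []
    return sorted(
        name
        for name, value in parser.items("admins")
        if not value.startswith(HASHED_PREFIXES)
    )


if __name__ == "__main__":
    for name in plaintext_admins(SAMPLE_INI):
        print(f"plaintext admin password on disk: {name}")
```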
