[ https://issues.apache.org/jira/browse/COUCHDB-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson reassigned COUCHDB-2367: -------------------------------------- Assignee: Javier Candeira all yours! > Eliminate plaintext passwords altogether > ---------------------------------------- > > Key: COUCHDB-2367 > URL: https://issues.apache.org/jira/browse/COUCHDB-2367 > Project: CouchDB > Issue Type: Improvement > Security Level: public(Regular issues) > Components: Database Core > Reporter: Javier Candeira > Assignee: Javier Candeira > > In discussion about https://issues.apache.org/jira/browse/COUCHDB-2364, > rnewson and candeira agreed on: > <+rnewson> Maybe spent a little more time on the idea that we remove support > for plaintext passwords entirely? > <+rnewson> I dislike the hash-on-startup thing. > <+rnewson> we could insist that you set up admins via PUT _config > <+rnewson> and remove the hash_unhashed_admins function, and also ignore > non-hashed lines in config > <+rnewson> couchdb 2.0 could simply require the hashed version from the start > (and we'd supply a hashing tool akin to htpasswd in httpd), or > < kandinski> what about PUT _config, it would still exist? > <+rnewson> absolutely, yes. -- This message was sent by Atlassian JIRA (v6.3.4#6332)