[ https://issues.apache.org/jira/browse/COUCHDB-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson closed COUCHDB-2066. ---------------------------------- Resolution: Won't Fix Instead, passwords will be upgraded to the new scheme on next auth thanks to COUCHDB-1780. Administrators can disable sha1 entirely when COUCHDB-2068 lands. > Don't allow stupid storage of passwords > --------------------------------------- > > Key: COUCHDB-2066 > URL: https://issues.apache.org/jira/browse/COUCHDB-2066 > Project: CouchDB > Issue Type: Bug > Security Level: public(Regular issues) > Reporter: Isaac Z. Schlueter > > If a password_sha/salt combination is PUT into the _users db, wrap that up in > PBKDF2. > Discussion: > https://twitter.com/janl/status/434818855626502144 > https://twitter.com/izs/status/434835388213899264 > https://twitter.com/janl/status/434835614790586368 -- This message was sent by Atlassian JIRA (v6.3.4#6332)