[jira] [Closed] (COUCHDB-2066) Don't allow stupid storage of passwords

Robert Newson (JIRA) Sun, 26 Oct 2014 16:39:06 -0700

     [ 
https://issues.apache.org/jira/browse/COUCHDB-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Newson closed COUCHDB-2066.
----------------------------------
    Resolution: Won't Fix

Instead, passwords will be upgraded to the new scheme on next auth thanks to 
COUCHDB-1780. Administrators can disable sha1 entirely when COUCHDB-2068 lands.

> Don't allow stupid storage of passwords
> ---------------------------------------
>
>                 Key: COUCHDB-2066
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2066
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Isaac Z. Schlueter
>
> If a password_sha/salt combination is PUT into the _users db, wrap that up in 
> PBKDF2.
> Discussion:
> https://twitter.com/janl/status/434818855626502144
> https://twitter.com/izs/status/434835388213899264
> https://twitter.com/janl/status/434835614790586368



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (COUCHDB-2066) Don't allow stupid storage of passwords

Reply via email to