[ https://issues.apache.org/jira/browse/COUCHDB-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14215243#comment-14215243 ]
Javier Candeira commented on COUCHDB-2367:
------------------------------------------

Status report: I have this patch working; in fact I've had it for weeks now. I haven't submitted a pull request because I was waiting for https://issues.apache.org/jira/browse/COUCHDB-2362 to drop into master, and currently I'm trying to find a moment to finish two more things:
- tests
- the couchpasswd utility to edit hashed passwords into the config files, both interactively and in scripts/batches.

> Eliminate plaintext passwords altogether
> ----------------------------------------
>
> Key: COUCHDB-2367
> URL: https://issues.apache.org/jira/browse/COUCHDB-2367
> Project: CouchDB
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: Database Core
> Reporter: Javier Candeira
> Assignee: Javier Candeira
>
> In discussion about https://issues.apache.org/jira/browse/COUCHDB-2364, rnewson and candeira agreed on:
> <+rnewson> Maybe spend a little more time on the idea that we remove support for plaintext passwords entirely?
> <+rnewson> I dislike the hash-on-startup thing.
> <+rnewson> we could insist that you set up admins via PUT _config
> <+rnewson> and remove the hash_unhashed_admins function, and also ignore non-hashed lines in config
> <+rnewson> couchdb 2.0 could simply require the hashed version from the start (and we'd supply a hashing tool akin to htpasswd in httpd), or
> < kandinski> what about PUT _config, it would still exist?
> <+rnewson> absolutely, yes.
> <+rnewson> the PUT _config can take plaintext passwords (and there's a ?raw=true iirc to inhibit hashing) since that invokes code *before* we update the file, so the file never contains plaintext
> <+rnewson> basically, the goal is to change couchdb so that password hashing is done before writing the file, in all cases. if you *don't* put a hashed value into [admins], the line is simply ignored.
> <+rnewson> and that's how we fix the hole.
> <+rnewson> [admins]
> <+rnewson> foo = bar
> <+rnewson> is a couchdb with no admins

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
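
The behaviour agreed in the quoted discussion (hash before writing, ignore any [admins] line that is not already hashed), sketched as an added example in Python; this is not code from the patch or from CouchDB. The function names, the accepted "-pbkdf2-"/"-hashed-" value layouts, PBKDF2-HMAC-SHA1 and the iteration count are assumptions made for illustration.

```python
import configparser
import hashlib
import re
import secrets

# Assumed hashed forms: "-pbkdf2-<40 hex>,<salt>,<iterations>" and the
# older "-hashed-<40 hex sha1>,<salt>". Anything else counts as plaintext.
HASHED = re.compile(
    r"-pbkdf2-[0-9a-f]{40},[0-9a-f]+,[1-9][0-9]*|-hashed-[0-9a-f]{40},[0-9a-f]+"
)

def hash_admin_password(password, salt=None, iterations=10_000):
    """Hypothetical couchpasswd-style helper: hash before anything is written."""
    salt = salt or secrets.token_hex(16)
    key = hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(),
                              iterations, dklen=20)
    return f"-pbkdf2-{key.hex()},{salt},{iterations}"

def load_admins(config_text):
    """Return (admins, ignored_names); unhashed [admins] lines create no admin."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # user names are case-sensitive
    parser.read_string(config_text)
    admins, ignored = {}, []
    if parser.has_section("admins"):
        for name, value in parser.items("admins"):
            if HASHED.fullmatch(value.strip()):
                admins[name] = value.strip()
            else:
                ignored.append(name)  # report the name only, never the value
    return admins, ignored

if __name__ == "__main__":
    # Constructed sample config: one plaintext line, one hashed line.
    sample = "[admins]\nfoo = bar\nroot = " + hash_admin_password("s3cret") + "\n"
    admins, ignored = load_admins(sample)
    print("admins:", sorted(admins), "ignored:", ignored)
```

With this loader the "foo = bar" case from the discussion yields no admins, and the ignored list gives an operator something to alert on without echoing the plaintext value.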