Posted to commits@couchdb.apache.org by ro...@apache.org on 2022/05/11 09:07:04 UTC

[couchdb-documentation] branch main updated: Updates & links info on # iterations for authorization

This is an automated email from the ASF dual-hosted git repository.

ronny pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git


The following commit(s) were added to refs/heads/main by this push:
     new 2b35d4f  Updates & links info on # iterations for authorization
     new 51bb5b4  Merge pull request #727 from DougReeder/main
2b35d4f is described below

commit 2b35d4fd3df98f9b9c79876c6bb5c7a616a66353
Author: P. Douglas Reeder <re...@gmail.com>
AuthorDate: Tue May 10 22:49:23 2022 -0400

    Updates & links info on # iterations for authorization
---
 src/config/auth.rst    | 4 +++-
 src/intro/security.rst | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/config/auth.rst b/src/config/auth.rst
index 34acd91..40a7a8f 100644
--- a/src/config/auth.rst
+++ b/src/config/auth.rst
@@ -201,7 +201,9 @@ Authentication Configuration
 
         The number of iterations for password hashing by the PBKDF2 algorithm.
         A higher  number provides better hash durability, but comes at a cost
-        in performance for each request that requires authentication. ::
+        in performance for each request that requires authentication.
+        When using hundreds of thousands of iterations, use session cookies, or the performance hit will be huge.
+        (The internal hashing algorithm is SHA1, which affects the recommended number of iterations.) ::
 
             [chttpd_auth]
             iterations = 10000
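
Review bot: the added guidance talks about "hundreds of thousands of iterations", but the example directly below still shows "iterations = 10000", and the parenthetical says SHA1 "affects the recommended number of iterations" without stating that number or pointing to a source. A reader cannot tell what value to set. Suggest stating the recommended figure for PBKDF2 with SHA1 (with a reference) and saying how the 10000 in the example relates to it. "use session cookies" would also be more useful as a cross-reference to the cookie authentication documentation, and both added lines run well past the wrap width of the surrounding paragraph.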
diff --git a/src/intro/security.rst b/src/intro/security.rst
index 30c2da8..0a4aebb 100644
--- a/src/intro/security.rst
+++ b/src/intro/security.rst
@@ -307,7 +307,7 @@ several *mandatory* fields, that CouchDB needs for authentication:
 - **salt** (*string*): Hash salt. Used for both ``simple`` and ``pbkdf2``
   ``password_scheme`` options.
 - **iterations** (*integer*): Number of iterations to derive key, used for ``pbkdf2``
-  ``password_scheme``
+  ``password_scheme`` See the :ref:`configuration API <config/chttpd_auth>`:: for details.
 - **type** (*string*): Document type. Constantly has the value ``user``
 
 Additionally, you may specify any custom fields that relate to the target
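
Review bot: on the added line, the "::" after the :ref: role is stray markup. It sits mid-paragraph, so it does not start a literal block and will render as literal colons before "for details." Suggest dropping it and adding a period after ``password_scheme`` so the new sentence does not run on from the field description. It is also worth confirming that the label config/chttpd_auth is actually defined in src/config/auth.rst, since the other hunk does not show it.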