You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ro...@apache.org on 2022/05/11 09:07:04 UTC
[couchdb-documentation] branch main updated: Updates & links info on # iterations for authorization
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git
The following commit(s) were added to refs/heads/main by this push:
new 2b35d4f Updates & links info on # iterations for authorization
new 51bb5b4 Merge pull request #727 from DougReeder/main
2b35d4f is described below
commit 2b35d4fd3df98f9b9c79876c6bb5c7a616a66353
Author: P. Douglas Reeder <re...@gmail.com>
AuthorDate: Tue May 10 22:49:23 2022 -0400
Updates & links info on # iterations for authorization
---
src/config/auth.rst | 4 +++-
src/intro/security.rst | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/config/auth.rst b/src/config/auth.rst
index 34acd91..40a7a8f 100644
--- a/src/config/auth.rst
+++ b/src/config/auth.rst
@@ -201,7 +201,9 @@ Authentication Configuration
The number of iterations for password hashing by the PBKDF2 algorithm.
A higher number provides better hash durability, but comes at a cost
- in performance for each request that requires authentication. ::
+ in performance for each request that requires authentication.
+ When using hundreds of thousands of iterations, use session cookies, or the performance hit will be huge.
+ (The internal hashing algorithm is SHA1, which affects the recommended number of iterations.) ::
[chttpd_auth]
iterations = 10000
diff --git a/src/intro/security.rst b/src/intro/security.rst
index 30c2da8..0a4aebb 100644
--- a/src/intro/security.rst
+++ b/src/intro/security.rst
@@ -307,7 +307,7 @@ several *mandatory* fields, that CouchDB needs for authentication:
- **salt** (*string*): Hash salt. Used for both ``simple`` and ``pbkdf2``
``password_scheme`` options.
- **iterations** (*integer*): Number of iterations to derive key, used for ``pbkdf2``
- ``password_scheme``
+ ``password_scheme`` See the :ref:`configuration API <config/chttpd_auth>`:: for details.
- **type** (*string*): Document type. Constantly has the value ``user``
Additionally, you may specify any custom fields that relate to the target