You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2013/11/12 16:24:47 UTC

[Couchdb Wiki] Trivial Update of "Security_Features_Overview" by JavierCandeira

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Security_Features_Overview" page has been changed by JavierCandeira:
https://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=40&rev2=41

Comment:
typography

'''Note:''' If you are using CouchDB versions 1.1.x or earlier, please see "Generating password_sha" below for more about the SHA-1 hash.

- Since CouchDB 1.2.0, the `password_sha` and `salt` fields are automatically created when a `password` field is present in the user document. When the user document is written, CouchDB checks for the existence of the `password` field and if it exists, it will generate a salt, hash the value of the `password field and hash the concatenation of the password hash and the salt. It then writes the resulting password into the `password_sha` field and the salt into the `salt` field. The `password` field is removed.
+ Since CouchDB 1.2.0, the `password_sha` and `salt` fields are automatically created when a `password` field is present in the user document. When the user document is written, CouchDB checks for the existence of the `password` field and if it exists, it will generate a salt, hash the value of the `password field` and hash the concatenation of the password hash and the salt. It then writes the resulting password into the `password_sha` field and the salt into the `salt` field. The `password` field is removed.

This has the following implications: Clients no longer have to calculate the password salt and hash manually. Yay.