[GitHub] [couchdb] DUG-nick commented on issue #3665: Enable wider control of PBKDF2

[GitBox <gi...@apache.org>]

DUG-nick commented on issue #3665:
URL: https://github.com/apache/couchdb/issues/3665#issuecomment-879184870


   While I am thinking about this issue, I was wondering: would it be feasible for basic auth to generate a personal access token, as it is common practice with Github. 
   
   On the other hand, it would still be fantastic, if the security architect of any tool utilizing CouchDB could evaluate the risks and performance penalties for their own. So I think making the whole thing configurable would not hurt the system, but rather improve usability.
   
   For now, the only real alternative I can find is a JWT approach with a separate user management. But when synchronizing with a per_user approach, I see a strong potential for error here. It would be great to have couch as kind of the single source of truth in this context.
   
   Does anyone have some other feasible workaround idea?
   
      


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@couchdb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org