Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2011/04/14 09:17:58 UTC
[Couchdb Wiki] Update of "Security_Features_Overview" by PasiEronen
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Security_Features_Overview" page has been changed by PasiEronen.
http://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=23&rev2=24
--------------------------------------------------
All these rules regarding authentication database documents are enforced by the validate document update function stored in the design document with ID "_design/_auth" found in the authentication database (it is automatically created by CouchDB).
=== Generating password_sha ===
- `password_sha` can be generated a number of different ways. OpenSSL's `sha` and `sha1` functions are not compatible. Below are some methods that work:
+ `password_sha` can be generated a number of different ways. Below are some methods that work:
+
+ OpenSSL command line tool
+ {{{
+ $ echo -n "foobar" | openssl sha1
+ 8843d7f92416211de9ebb963ff4ce28125932878
+ }}}
Erlang
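Review bot: The added `echo -n "foobar" | openssl sha1` line relies on `echo -n` suppressing the trailing newline, which not every shell's `echo` does; where it does not, the newline is hashed along with the password and the resulting `password_sha` will not match. Suggest `printf '%s' "foobar" | openssl sha1` instead. The output shown agrees with the Java example's `8843d7f92416211de9ebb963ff4ce28125932878`, so dropping the "not compatible" claim for `sha1` is consistent with the rest of the page. The removed sentence also named `sha`, though, and the new text says nothing about it, so a reader can no longer tell whether `openssl sha` is usable here. Consider a short sentence saying that only `sha1` is meant.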
@@ -155, +161 @@
String digested = digester.digest("foobar").toLowerCase(); // 8843d7f92416211de9ebb963ff4ce28125932878
}}}
==== Salt and Password Generator ====
+
+
This Perl script expects a password on STDIN or as its first parameter, and an optional salt as its second parameter. If no salt is provided, a random one will be selected.
The salt and password_sha are printed on STDOUT.
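Review bot: The two empty `+` lines after the `==== Salt and Password Generator ====` heading change whitespace only. If they are not needed for the wiki renderer, drop them so the revision diff stays limited to the OpenSSL additions.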
@@ -195, +203 @@
my $password_sha = sha1($password,$salt);
print "password_sha = ".unpack('H*',$password_sha)."\n";
}}}
+
+ OpenSSL command line version:
+
+ {{{
+ $ SALT=`openssl rand 16 | openssl md5'
+ $ echo salt=$SALT
+ salt=b7774c617642099bbe6233e9ee08a8eb
+ $ echo -n "foobar$SALT" | openssl sha1
+ b79393894929362b5ba006ce210467fec5bae9ef
+ }}}
+
+
== Document Update Validation ==
See [[Document_Update_Validation]].
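Review bot: The added line `$ SALT=`openssl rand 16 | openssl md5'` opens the command substitution with a backtick and closes it with a single quote, so it will not run as pasted; the shell will wait for the closing backtick. Suggest `SALT=$(openssl rand 16 | openssl md5)`, or `SALT=$(openssl rand -hex 16)` to get 32 hex characters directly without the MD5 step. The `echo -n "foobar$SALT"` line has the same `echo -n` portability issue as the unsalted example and could use `printf '%s' "foobar$SALT"`. The password-then-salt order matches the Perl script's `sha1($password,$salt)`, which is worth stating in the lead-in sentence so readers do not reverse it.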