[Couchdb Wiki] Update of "Security_Features_Overview" by PasiEronen

[Apache Wiki <wi...@apache.org>]

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Security_Features_Overview" page has been changed by PasiEronen.
http://wiki.apache.org/couchdb/Security_Features_Overview?action=diff&rev1=23&rev2=24

--------------------------------------------------

  All these rules regarding authentication database documents are enforced by the validate document update function stored in the design document with ID "_design/_auth" found in the authentication database (it is automatically created by CouchDB).
  
  === Generating password_sha ===
- `password_sha` can be generated a number of different ways.  OpenSSL's `sha` and `sha1` functions are not compatible.  Below are some methods that work:
+ `password_sha` can be generated a number of different ways.  Below are some methods that work:
+ 
+ OpenSSL command line tool
+ {{{
+ $ echo -n "foobar" | openssl sha1
+ 8843d7f92416211de9ebb963ff4ce28125932878
+ }}}
  
  Erlang
  
@@ -155, +161 @@

  String digested = digester.digest("foobar").toLowerCase();  // 8843d7f92416211de9ebb963ff4ce28125932878
  }}}
  ==== Salt and Password Generator ====
+ 
+ 
  This Perl script expects a password on STDIN or as its first parameter, and an optional salt as its second parameter. If no salt is provided, a random one will be selected.
  
  The salt and password_sha are printed on STDOUT.
@@ -195, +203 @@

  my $password_sha = sha1($password,$salt);
  print "password_sha = ".unpack('H*',$password_sha)."\n";
  }}}
+ 
+ OpenSSL command line version:
+ 
+ {{{
+ $ SALT=`openssl rand 16 | openssl md5'
+ $ echo salt=$SALT
+ salt=b7774c617642099bbe6233e9ee08a8eb
+ $ echo -n "foobar$SALT" | openssl sha1
+ b79393894929362b5ba006ce210467fec5bae9ef
+ }}}
+ 
+ 
  == Document Update Validation ==
  See [[Document_Update_Validation]].