You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by gi...@git.apache.org on 2017/08/24 16:13:50 UTC

[GitHub] S-Aggarwal opened a new issue #777: Adding admins through local.ini doesn't encrypt passwords after restart

S-Aggarwal opened a new issue #777: Adding admins through local.ini doesn't encrypt passwords after restart
URL: https://github.com/apache/couchdb/issues/777
 
 
   ## Expected Behavior
   If you add a new admin using the `[admins]` section of the `locals.ini` file, the password should get salted and encrypted (using pkbdf2) after restarting CouchDB. 
   
   ## Current Behavior
   The password remains in plaintext while a copy is created in the 10-admins.ini file in the local.d directory where the encrypted password is stored.
   
   Files after restarting CouchDB:
   locals.ini
   ```ini
   [admins]
   ;admin = mysecretpassword
   testadmin = testpass
   ```
   
   locals.d/10-admins.ini
   ```ini
   [admins]
   testadmin = -pbkdf2-1c9e78dae1afdf034b5777a62a8a7e8a0c8e93fd,56a7565edee375ebb7cb872185ea364c,10
   ```
   
   ## Possible Solution
   Edit `local.ini` with encrypted password as well after parsing it on start-up.
   
   ## Your Environment
   <!--- Include as many relevant details about the environment you experienced the bug in -->
   * Version used: CouchDB 2.1.0
   * Operating System and version (desktop or mobile): Ubuntu 16.04
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services