You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2021/05/27 15:50:09 UTC

[GitHub] [couchdb] nickva commented on a change in pull request #3583: Moved couch_httpd_auth options to chttpd_auth main

nickva commented on a change in pull request #3583:
URL: https://github.com/apache/couchdb/pull/3583#discussion_r640753794



##########
File path: src/fabric/src/fabric2_users_db.erl
##########
@@ -89,7 +89,8 @@ save_doc(#doc{body={Body}} = Doc) ->
         Doc#doc{body={Body3}};
     {ClearPassword, "pbkdf2"} ->
         ok = validate_password(ClearPassword),
-        Iterations = list_to_integer(config:get("couch_httpd_auth", "iterations", "1000")),
+        Iterations = chttpd_util:get_chttpd_auth_config_integer(

Review comment:
       Default work factor was deliberately set to 10 https://github.com/apache/couchdb/commit/f726bc4dee4a4be0d5ed15f012cfbafd2a9dd7d7. We can switch it to something even higher than 1000 now as replication is using the cookie auth by default, but it probably shouldn't be part of this commit?
   
   If users updated the config value, that value would be in their `local.ini`  or `local.d/*.ini` files, and it would still be used after this commit. 
   
   `default.ini` file is shipped and replaced by the couchdb packages and users should expect that file to be overwritten [1]. As I understand it, for a while it was the place to store default config settings. Later on we started adding only commented defaults in there and using code default as primary default values.  But before that, in some cases, we just forgot to update the code defaults when we updated default.ini value so they got unsynchronized.
   
   
   [1] https://docs.couchdb.org/en/stable/config/intro.html
   ```
   Warning: The default.ini file may be overwritten during an upgrade or re-installation, so localised
   changes should be made to the local.ini file or files within the local.d directory.
   ```
   




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org