You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/07/10 11:47:22 UTC
[23/50] documentation commit: updated refs/heads/import-master to
fe7f7bf
Verify that auth-related properties are well-formed
Passing unexpected values to auth fields can result in server
issues. Notably, setting "iterations" to a string will cause an
infinite loop as the comparison 'when Iteration > Iterations' will
never evaluate to true.
The latest validate_doc_update prevents user docs with this problem
and administrators can deploy that check themselves (and only
administrators can edit design documents).
A server administrator can also insist on lower and upper bounds for
iteration count to reject weakly protected passwords and
resource-hungry passwords respectively.
COUCHDB-2221
Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/9d61faff
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/9d61faff
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/9d61faff
Branch: refs/heads/import-master
Commit: 9d61faff2a31bcc39bb9009a6126ece300fff23e
Parents: 1d31c3a
Author: Robert Newson <rn...@apache.org>
Authored: Sun Apr 6 18:31:15 2014 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Sun Apr 6 22:09:54 2014 +0100
----------------------------------------------------------------------
src/config/auth.rst | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/9d61faff/src/config/auth.rst
----------------------------------------------------------------------
diff --git a/src/config/auth.rst b/src/config/auth.rst
index 4127288..8311140 100644
--- a/src/config/auth.rst
+++ b/src/config/auth.rst
@@ -166,6 +166,30 @@ Authentication Configuration
[couch_httpd_auth]
iterations = 10000
+ .. config:option:: min_iterations :: Minimum PBKDF2 iterations count
+
+ .. versionadded:: 1.6
+
+ The minimum number of iterations allowed for passwords hashed by
+ the PBKDF2 algorithm. Any user with fewer iterations is forbidden.
+
+ ::
+
+ [couch_httpd_auth]
+ min_iterations = 100
+
+ .. config:option:: max_iterations :: Maximum PBKDF2 iterations count
+
+ .. versionadded:: 1.6
+
+ The maximum number of iterations allowed for passwords hashed by
+ the PBKDF2 algorithm. Any user with greater iterations is forbidden.
+
+ ::
+
+ [couch_httpd_auth]
+ max_iterations = 100000
+
.. config:option:: proxy_use_secret :: Force proxy auth use secret token