You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "Joan Touzet (JIRA)" <ji...@apache.org> on 2017/04/22 15:46:04 UTC

[jira] [Commented] (COUCHDB-2367) Eliminate plaintext passwords altogether

    [ https://issues.apache.org/jira/browse/COUCHDB-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15979990#comment-15979990 ] 

Joan Touzet commented on COUCHDB-2367:
--------------------------------------

Bump. [~candeira] do you think you have time to finish this one up, or need some help? Ran square into this one while building packages...Python includes pbkdf2 in hashlib since 2.7.8 which should be in most distributions by now.

> Eliminate plaintext passwords altogether
> ----------------------------------------
>
>                 Key: COUCHDB-2367
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2367
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: Database Core
>            Reporter: Javier Candeira
>            Assignee: Javier Candeira
>
> In discussion about https://issues.apache.org/jira/browse/COUCHDB-2364, rnewson and candeira agreed on:
> <+rnewson> Maybe spent a little more time on the idea that we remove support for plaintext passwords entirely?
> <+rnewson> I dislike the hash-on-startup thing.
> <+rnewson> we could insist that you set up admins via PUT _config
> <+rnewson> and remove the hash_unhashed_admins function, and also ignore non-hashed lines in config
> <+rnewson> couchdb 2.0 could simply require the hashed version from the start (and we'd supply a hashing tool akin to htpasswd in httpd), or 
> < kandinski> what about PUT _config, it would still exist?
> <+rnewson> absolutely, yes.
> <+rnewson> the PUT _config can take plaintext passwords (and there's a ?raw=true iirc to inhibit hashing) since that invokes code *before* we update the file, so the file never contains plaintext
> <+rnewson> basically, the goal is to change couchdb so that password hashing is done before writing the file, in all cases. if you *don't* put a hashed value into [admins], the line is simply ignored.
> <+rnewson> and that's how we fix the hole.
> <+rnewson> [admins]
> <+rnewson> foo = bar
> <+rnewson> is a couchdb with no admins



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)