You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2021/05/26 18:53:24 UTC
[GitHub] [couchdb] iilyak edited a comment on pull request #3577: Moved couch_httpd_auth options to chttpd_auth 3.x
iilyak edited a comment on pull request #3577:
URL: https://github.com/apache/couchdb/pull/3577#issuecomment-849035468
Looks good.
I think we need to put default values back for:
- "authentication_redirect" - to preserve compatibility during upgrade
- "iterations" - to maintain adequate security by default see [1].
[1] - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
> 5.2 The Iteration Count (C)
> A minimum iteration count of 1,000 is recommended. For especially critical keys, or for very powerful systems or systems where user-perceived performance is not critical, an iteration count of 10,000,000 may be appropriate.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org