You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "Alexander Shorin (JIRA)" <ji...@apache.org> on 2015/08/31 19:20:46 UTC

[jira] [Commented] (COUCHDB-2794) Documentation not fully correct for couch_httpd_auth/secret

    [ https://issues.apache.org/jira/browse/COUCHDB-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723718#comment-14723718 ] 

Alexander Shorin commented on COUCHDB-2794:
-------------------------------------------

That's right: secret is used both for proxy and cookie auth.

> Documentation not fully correct for couch_httpd_auth/secret
> -----------------------------------------------------------
>
>                 Key: COUCHDB-2794
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2794
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Documentation
>            Reporter: Nathan Vander Wilt
>
> The documentation for couch_httpd_auth/secret [currently states](http://docs.couchdb.org/en/latest/config/auth.html#couch_httpd_auth/secret) that the value is:
> > The secret token used for Proxy Authentication method.
> This does appear to be the case, but it's worth noting that AFAICT this secret is also used to sign cookie authentication as well — i.e. changing it will "log out" all current cookie-based sessions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)