You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "Alexander Shorin (JIRA)" <ji...@apache.org> on 2015/08/31 19:20:46 UTC
[jira] [Commented] (COUCHDB-2794) Documentation not fully correct
for couch_httpd_auth/secret
[ https://issues.apache.org/jira/browse/COUCHDB-2794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723718#comment-14723718 ]
Alexander Shorin commented on COUCHDB-2794:
-------------------------------------------
That's right: secret is used both for proxy and cookie auth.
> Documentation not fully correct for couch_httpd_auth/secret
> -----------------------------------------------------------
>
> Key: COUCHDB-2794
> URL: https://issues.apache.org/jira/browse/COUCHDB-2794
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Documentation
> Reporter: Nathan Vander Wilt
>
> The documentation for couch_httpd_auth/secret [currently states](http://docs.couchdb.org/en/latest/config/auth.html#couch_httpd_auth/secret) that the value is:
> > The secret token used for Proxy Authentication method.
> This does appear to be the case, but it's worth noting that AFAICT this secret is also used to sign cookie authentication as well — i.e. changing it will "log out" all current cookie-based sessions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)