Uploaded image for project: 'CouchDB'
  1. CouchDB
  2. COUCHDB-2066

Don't allow stupid storage of passwords

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • None
    • None
    • None
    • Security Level: public (Regular issues)
    • None

    Description

      If a password_sha/salt combination is PUT into the _users db, wrap that up in PBKDF2.

      Discussion:
      https://twitter.com/janl/status/434818855626502144
      https://twitter.com/izs/status/434835388213899264
      https://twitter.com/janl/status/434835614790586368

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. COUCHDB-1634 authentication slows down all requests

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. COUCHDB-1780 Upgrade users password hash on login, not password change

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              isaacs Isaac Z. Schlueter
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: