Apache CouchDB 1.5.1
Verify that auth-related properties are well-formed
Passing unexpected values to auth fields can result in server
issues. Notably, setting "iterations" to a string will cause an
infinite loop as the comparison 'when Iteration > Iterations' will
never evaluate to true.
The latest validate_doc_update prevents user docs with this problem
and administrators can deploy that check themselves (and only
administrators can edit design documents).
A server administrator can also insist on lower and upper bounds for
iteration count to reject weakly protected passwords and
resource-hungry passwords respectively.
COUCHDB-2221
1 file changed
