Bureaucrats, editor, reviewer, Administrators
13,550
edits
Changes
Jump to navigation
Jump to search
no edit summary
* Local permissions are now defined for database glob patterns instead of single databases. Both local and global permissions are stored in the same file.
* A new [[User Module]] is available, which allows user management via XQuery.
* The md5 password hash has been replaced with salted sha256 and digest hashes (the current timestamp will be used as salt).
Moreover, passwords in commands and XQuery functions are now specified in plain text. The rationale behind this is:
* The server can now create different hashes from the original password.
* The encoding as md5 has not been safe anyway, because md5 hashes for popular passwords can be easily uncovered with rainbow tables.
As general security measures, please ensure that your password will not be stored in your bash history, and avoid sending passwords via ordinary REST requests.
==Rules==
