couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Lenz <>
Subject Re: CouchDB 1.0 work
Date Sat, 10 May 2008 14:09:36 GMT
On 28.04.2008, at 18:27, Damien Katz wrote:
> Here are my thoughts on what we need for before we can get to  
> CouchDB 1.0. Feedback please.
> Must have:
> Security/Document validation: We need a way to control who can  
> update what documents and to validate the updates are correct. This  
> is absolutely necessary for offline replication, where replicated  
> updates to the database do not come through the application layer.
> Don't Need:
> Authentication. We can go to 1.0 without authentication, relying  
> instead on local proxies to provide authentication.

So how would we provide authorization without authentication? There  
needs to be some way to identify who's making a request, and if we  
plan to rely on proxies for that, those proxies need to provide a way  
to pass on the authentication results (e.g. REMOTE_USER). I suspect  
they don't do that, but I may be wrong.

Christopher Lenz
   cmlenz at

View raw message