On 10.05.2008, at 17:53, Damien Katz wrote:
> On May 10, 2008, at 11:35 AM, Christopher Lenz wrote:
>> As far as I know, the proxy will keep the auth info to itself, and
>> the request will look like a standard anonymous request to CouchDB.
>> I *think* if we don't implement authentication, we can not
>> implement authorization/security for document validation.
>
> Well, I don't know the details of authenticating proxies, but if the
> user provides credentials in the HTTP header, and the proxy server
> validates it and passes it on, then CouchDB would just use the same
> credentials with the assumption they are authenticated because the
> HTTP server validated it. But maybe this isn't possible for reasons
> I don't know about.
I made a test with Apache/mod_proxy with Digest auth, and it does seem
to pass through the auth credentials (username, realm, etc) via the
Authorization header. So this should hopefully work in general, sorry
for the noise :P
Cheers,
--
Christopher Lenz
cmlenz at gmx.de
http://www.cmlenz.net/
|