couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <jch...@gmail.com>
Subject Re: Proper use of _users for authentication module
Date Wed, 07 Jul 2010 17:32:06 GMT

On Jul 7, 2010, at 12:01 AM, Jason Smith wrote:

> When is it appropriate for an authentication module to use the _users
> database (or whatever it is configured to be)?
> 
> I am investigating OpenID 2.0 support. A requirent is to store a nonce
> to protect against replay attacks. I am evaluating using a database to
> store the nonce. (Another option is an ets table but that has it's own
> issues.)
> 
> The built-in design document IIRC rejects all non-user documents. So
> storing a nonce as a new document type would require changing that
> policy in an unclear way.

Does it make sense to add the nonce to the existing user document? That will allow a single
lookup instead of multiple lookups.

> 
> Would it be better to create a whole new _openid database for the task?
> 
> Suggestions welcome. Thanks!
> 
> -- 
> Jason Smith
> Couchio Hosting


Mime
View raw message