couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Proper use of _users for authentication module
Date Wed, 07 Jul 2010 18:28:39 GMT
On Wed, Jul 7, 2010 at 9:01 AM, Jason Smith <jhs@couch.io> wrote:
> When is it appropriate for an authentication module to use the _users
> database (or whatever it is configured to be)?
>
> I am investigating OpenID 2.0 support. A requirent is to store a nonce
> to protect against replay attacks. I am evaluating using a database to
> store the nonce. (Another option is an ets table but that has it's own
> issues.)
>
> The built-in design document IIRC rejects all non-user documents. So
> storing a nonce as a new document type would require changing that
> policy in an unclear way.
>
> Would it be better to create a whole new _openid database for the task?
>
> Suggestions welcome. Thanks!
>
> --
> Jason Smith
> Couchio Hosting
>

You don't need to store the nonce per user, just need to make sure
it's unique, if I remember. Why not storing it in another db ?

- benoit

Mime
View raw message