couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <>
Subject Proper use of _users for authentication module
Date Wed, 07 Jul 2010 07:01:55 GMT
When is it appropriate for an authentication module to use the _users
database (or whatever it is configured to be)?

I am investigating OpenID 2.0 support. A requirent is to store a nonce
to protect against replay attacks. I am evaluating using a database to
store the nonce. (Another option is an ets table but that has it's own

The built-in design document IIRC rejects all non-user documents. So
storing a nonce as a new document type would require changing that
policy in an unclear way.

Would it be better to create a whole new _openid database for the task?

Suggestions welcome. Thanks!

Jason Smith
Couchio Hosting

View raw message