couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Input validation and limits
Date Mon, 25 Mar 2013 09:59:06 GMT
On Mon, Mar 25, 2013 at 10:48 AM, Robert Newson <rnewson@apache.org> wrote:
> I'll quibble a little over the notion that 'middleware' can occur
> midway through request processing at the backend but, in general, yes.
> My point was to take Jason's suggestion head on and attempt to achieve
> consensus on what CouchDB should include versus exclude.
>
> I should have started a new thread for that rather than immediately
> forking this one. To answer the specific 'should we add X?' question
> it seemed prudent to ask the general 'what features are appropriate
> for couchdb?' question.
>
> To cover your list, in brief, I'd say vhosting, rewriting, throttling,
> ip checking are out and authentication and captcha are in, but that's
> just my list.
>
> This thread should either be renamed if we think the discussion is
> about the general, or we should all stay on topic (myself included, of
> course) and discuss the rate-limiting and captcha question.

good point.
>
> I think rate-limiting is out of scope but that captcha is in scope
> (because authentication in general is in scope). Is captcha technology
> something that evolves quite quickly? Would support today be something
> that our new quarterly updates could usefully keep pace with?

I personnaly don't see how captcha could be useful there vs a good old
authentication. Especially now that's it's harder to brute-force the
key password hash due to to the use of pbkdf2 . On the other hand we
could improve our oauth support with bearer token and beeing a
provider to achieve the same kind of result.

- benoƮt

Mime
View raw message