couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nolan Lawson (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-2191) Please consider including couchperuser in core
Date Sat, 08 Mar 2014 00:38:44 GMT
Nolan Lawson created COUCHDB-2191:
-------------------------------------

             Summary: Please consider including couchperuser in core
                 Key: COUCHDB-2191
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2191
             Project: CouchDB
          Issue Type: Improvement
      Security Level: public (Regular issues)
            Reporter: Nolan Lawson


I would love to be able to use CouchDB as the exclusive backend for all my webapps.  The {{_users}}
database with the automatic password salting/hashing and session cookies is brilliant, and
saves a lot of developer effort while still ensuring I don't shoot myself in the foot trying
to implement password security.

However, without creating a database per user, it's impossible to silo user data in any way
other than through {{validate_doc_update}} - i.e. every user can see everybody else's data,
but they can only write to theirs.  This use case does exist (e.g. Twitter), but it's much
less common than the case where users can only read/write their own data.

The plugin ecosystem is great and all, and I totally understand not wanting to include the
kitchen sink in Couch core, but I strongly feel [couchperuser|https://github.com/etrepum/couchperuser]
(or something like it) should be a checkbox I can tick in the Couch config, rather than a
plugin I have to install manually.  It's just too common of a use case in typical webapps.

Some background: this was prompted by a [discussion in PouchDB|https://github.com/daleharvey/pouchdb/issues/1575];
Dale has written a fine solution in [couch-persona|https://github.com/daleharvey/couch-persona],
but I really think the "why Pouch/Couch?" story would be more compelling if you could do it
in pure Couch without an extra server process.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message