couchdb-user mailing list archives

From Jason Huggins <ja...@jrandolph.com>
Subject Re: Managing access
Date Sat, 21 Feb 2009 13:40:25 GMT
On Sat, Feb 21, 2009 at 5:28 AM, Jyrki Pulliainen
<jyrki.pulliainen@gmail.com> wrote:
> CouchDB site talks about managing user access on database (Admin,
> read, update), but I can't find any documentation about this feature.
> Can someone pinpoint a page describing the built-in access management?


http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy

You could use Apache as a reverse proxy to your CouchDB server. At the
Apache layer, you can then add an authentication scheme. The above
link doesn't have the authentication bits shown, but you can find out
how to do that by reading ordinary Apache documentation.

Authorization (i.e. "can user 'a' edit database 'b'?") is a bit more
tricky than simple authentication (i.e. "is this user 'a'?"). Until
this kind of thing gets baked into CouchDB (or someone documents how
they did it!), you'll probably have to roll your own solution.

In my setup, I use Apache to enforce SSL encryption. I then use Django
as my authentication and authorization engine, where I first require
all connections to be authenticated with Basic Auth. Then, Django
allows 'regular' users to edit only their own databases, and
'admin' users to edit any database.

Alas, I have no page to point to yet that shows you how to do the
Django part. I will say, though, that the hardest bit was making sure
Django properly proxied all the HTTP headers to and from the CouchDB
backend. However, the CouchDB unit tests in Futon were invaluable and
made developing my auth proxy easier.

Cheers,
Jason Huggins
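
The authorization rule described in the message above, as an added Python example (not Jason Huggins's code and not part of the original message). It assumes a constructed user table and database-ownership map, denies a regular user every path outside a database they own (stricter than the message's "edit"), and drops the standard hop-by-hop headers, which is a general proxy rule rather than the specific header issues the author mentions.

```python
import base64
import hmac
from urllib.parse import unquote

# Constructed sample data (assumptions, not from the message).
USERS = {"alice": ("alice-pw", "regular"), "root": ("root-pw", "admin")}
DB_OWNERS = {"alice_notes": "alice", "bob_notes": "bob"}
# Hop-by-hop headers (RFC 7230, section 6.1): a proxy must not forward these.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}


def authenticate(headers):
    """Return the user name for valid Basic Auth credentials, else None."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    if not sep or user not in USERS:
        return None
    # Constant-time comparison; a real proxy would verify a password hash.
    ok = hmac.compare_digest(password.encode(), USERS[user][0].encode())
    return user if ok else None


def database_of(path):
    """Percent-decoded first path segment, or None for '/' and odd paths."""
    return unquote(path.split("?", 1)[0][1:].split("/", 1)[0]) or None


def authorize(path, headers):
    """Status the proxy answers with: 200 means 'forward to CouchDB'."""
    user = authenticate(headers)
    if user is None:
        return 401
    if USERS[user][1] == "admin":
        return 200
    # Deny by default: server-level paths such as /_all_dbs are refused too.
    return 200 if DB_OWNERS.get(database_of(path)) == user else 403


def forwardable(headers):
    """Headers safe to relay: drop hop-by-hop ones and any Connection lists."""
    listed = {t.strip().lower() for t in headers.get("Connection", "").split(",")}
    return {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP | listed}
```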
