couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jyrki Pulliainen <jyrki.pulliai...@gmail.com>
Subject Re: Managing access
Date Sat, 21 Feb 2009 13:42:36 GMT
2009/2/21 Jason Huggins <jason@jrandolph.com>:
> On Sat, Feb 21, 2009 at 5:28 AM, Jyrki Pulliainen
> <jyrki.pulliainen@gmail.com> wrote:
>> CouchDB site talks about managing user access on database (Admin,
>> read, update), but I can't find any documentation about this feature.
>> Can someone pinpoint a page describing the built-in access management?
>
>
> http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy
>
> You could use Apache as a reverse proxy to your couchdb server. At the
> Apache layer, you can then add an authentication scheme. The above
> link doesn't have the authentication bits shown, but you can find out
> how to do that reading ordinary Apache documentation.
>
> Authorization (i.e. "can user 'a' edit database 'b'?") is a bit more
> tricky than simple authentication (i.e. "is this user 'a'?"). Until
> this kind of thing gets baked into CouchDB (or someone documents how
> they did it!), you'll probably have to roll your own solution.
>
> In my setup, I use Apache to enforce SSL encryption. I then use Django
> as my authentication and authorization engine, where I first require
> all connections to be authenticated with Basic Auth.  Then, Django
> allows  'regular' users to only to edit their own databases, and
> 'admin' users to edit any database.
>
> Alas, I have no page to point to yet that shows you how to do the
> Django part. I will say, though, that the hardest bit was making sure
> Django properly proxied all the HTTP headers to and from the CouchDB
> backend. However, the CouchDB unit tests in Futon were invaluable and
> made developing my auth proxy easier.

Thanks for the tip, this approach probably does what I need this time.

- Jyrki

Mime
View raw message