couchdb-user mailing list archives

From Fabio Forno <fabio.fo...@gmail.com>
Subject Re: how to setup authentication?
Date Mon, 16 Nov 2009 10:38:22 GMT
On Mon, Nov 16, 2009 at 7:14 AM, Chris Anderson <jchris@apache.org> wrote:
>
> The easiest way right now is to use a proxy like Apache httpd with
> rewrite configuration.
>
> One place to look is the Ubuntu One source code:
>
> https://code.launchpad.net/~sil/desktopcouch/plaintext-auth-for-u1
>
> There's also some stuff on the wiki:
>
> http://wiki.apache.org/couchdb/Authentication_and_Authorization

Indeed I was about to ask the same things, though I'm more interested
in authenticating applications than humans. For that purpose so far we
have granted access without authentication via a vpn connecting only
trusted machines, which is the laziest and most effective setup, since
it seems to me that all other authentication/authorization methods are
too heavy for applications:
- if it's plain text we can't afford to set up https for any request
- cookie based doesn't protect from replay attacks or stolen cookies,
for what I've seen, and https is again needed
- about oauth, I'm still trying to understand how it's used in
couchdb, it may be the solution but I've no idea how to set it up and
if any request is signed differently or it's just like a cookie
granting access, so we must again use https.

In an ideal world I think that for applications the best solution is
giving the client to:
- sign each request with a shared secret (perhaps session based in
order not to make it live long), if you care just about authorization
- encrypt the whole request (query string & post data) and response if
we need also confidentiality

bye

-- 
Fabio Forno,
Ooros srl
jabber id: ff@jabber.bluendo.com
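
The per-request signing with a session-based shared secret proposed in the message above could look like the following. This is an added example, not part of the original message and not a CouchDB feature; the function names, the field layout of the signed string, the 300-second window and all sample values are assumptions made for illustration. It authenticates requests and rejects replays, and provides no confidentiality.

```python
import hashlib
import hmac
import time

def session_key(shared_secret: bytes, session_id: str) -> bytes:
    # Short-lived key derived from the long-term secret, so the
    # long-term secret itself never signs traffic directly.
    return hmac.new(shared_secret, b"session:" + session_id.encode(),
                    hashlib.sha256).digest()

def sign_request(key, method, path, query, body, ts, nonce) -> str:
    # Paths and query strings cannot contain raw newlines, so a
    # newline-joined form is unambiguous; the body is hashed first.
    msg = "\n".join([method.upper(), path, query,
                     hashlib.sha256(body).hexdigest(), str(int(ts)), nonce])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class RequestVerifier:
    def __init__(self, key: bytes, max_skew: int = 300):
        self.key, self.max_skew, self.seen = key, max_skew, {}

    def verify(self, method, path, query, body, ts, nonce, sig, now=None) -> str:
        now = time.time() if now is None else now
        if abs(now - ts) > self.max_skew:
            return "stale"              # outside the accepted time window
        expected = sign_request(self.key, method, path, query, body, ts, nonce)
        if not hmac.compare_digest(expected, sig):
            return "bad-signature"      # wrong key or altered request
        # Forget nonces whose timestamp can no longer be accepted.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= self.max_skew}
        if nonce in self.seen:
            return "replay"             # same signed request seen before
        self.seen[nonce] = ts
        return "ok"

def demo():
    # All values below are constructed sample data.
    key = session_key(b"constructed-shared-secret", "session-0001")
    v = RequestVerifier(key)
    ts, nonce = 1_700_000_000, "a1b2c3d4e5f60718"
    body = b'{"type":"reading","value":21}'
    req = ("POST", "/sensors", "batch=ok", body, ts, nonce)
    sig = sign_request(key, *req)
    return [
        v.verify(*req, sig, now=ts + 5),
        v.verify(*req, sig, now=ts + 10),
        v.verify("POST", "/sensors", "batch=ok", b'{"value":99}',
                 ts, "0011223344556677", sig, now=ts + 10),
        v.verify(*req, sig, now=ts + 3600),
    ]
```
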
