couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <jch...@apache.org>
Subject Re: confused about authentication in php vs couchdb
Date Mon, 16 Aug 2010 01:52:11 GMT

On Aug 15, 2010, at 7:40 AM, Sebastian Cohnen wrote:

> Hey Dan,
> 
> I just wanted to note that CouchDB does only provide per database reader ACL. So you
need to have one database per user in order to protect a users content from unauthorized access
(remember any user with read access can read ALL documents in the particular database).
> 
> and btw: AFAIK jQuery is only used for the XHR stuff, but jQuery is a very nice library,
well maintained and successfully used by many people.
> 

There are some functions like this, in the jquery.couch.js library, which may be worth copying
to your code, if you plan to reimplement. Also, please share code, as it sounds like you are
on the cutting edge here.

Signup:

http://github.com/apache/couchdb/blob/trunk/share/www/script/jquery.couch.js#L114

Login:

http://github.com/apache/couchdb/blob/trunk/share/www/script/jquery.couch.js#L121

the basic password hashing mechanism for signup:

http://github.com/apache/couchdb/blob/trunk/share/www/script/jquery.couch.js#L25

- Chris

> Best
> 
> Sebastian
> 
> On 14.08.2010, at 20:18, whimsica@aol.com wrote:
> 
>> Okay. So if you look at netflix or other sites they all have standard behaviors.
>> Login, Signup, Forgot Password, Remember me on this computer.
>> 
>> I am building two sites right now. One that allows users to track their nutrition,
and another which allows them 
>> to edit audio for video proects -- two separate projects and I am going to try to
build them with couchdb because
>> it is easy to understand so far.
>> 
>> The way netflix works is fine.  If they try to access a page they are not authorized
to use then it defaults back to the sign-up page.
>> I'm not sure how this is done.  
>> 
>> If they are logged in they can enter and save new data and view their data.
>> 
>> So those are the features I need to build these projects with couchdb instead of
php and mysql. I would prefer not to use the jquery libraries because I really don't want
to rely on external libraries with pages and pages of linked code that I don't understand.
>> 
>> I am an experienced javascript programmer and work with a few php/mysql guys but
I am tired of relying on them. I am just learning about servers and databases. So far I have
setup a linux server and am successfully using couchdb with the help of a few books and the
wiki and the folks on this mailing list.  But, I seem to be stuck on the authentication issues.
I would just like to see a non jquery version of an html page that does all this or a tutorial.
>> 
>> Dan
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: Sam Bisbee <sam@sbisbee.com>
>> To: user@couchdb.apache.org
>> Sent: Sat, Aug 14, 2010 10:39 am
>> Subject: Re: confused about authentication in php vs couchdb
>> 
>> 
>> On Fri, Aug 13, 2010 at 11:06:47PM -0400, whimsica@aol.com wrote:
>> 
>>> How do you do the sort of authentication that happens in php mysql with 
>> 
>> couchdb?
>> 
>> 
>> 
>> As you can see from Chris's reply, there is a lot of things that you can do
>> 
>> with auth and couchdb. The most basic set up is creating accounts and using
>> 
>> HTTP Basic authentication.
>> 
>> 
>> 
>>> I sort of understand how php authentication works sort of...you can
>> 
>>> dynamically write pages depending on the credentials of a user. The
>> 
>>> credentials are checked against the mysql database and then stored in php
>> 
>>> somehow 
>> 
>> 
>> 
>> What are you using MySQL for in your environment?
>> 
>> 
>> 
>>> Using HTTP apache authentication I can hide certain webpages from certain
>> 
>>> users unless their credentials are sent each time using some mechanism.  I
>> 
>>> understand how to do this in php. 
>> 
>> 
>> 
>> You can do this same thing in your Apache config, your CouchDB config, your PHP
>> 
>> code, or all three if you're crazy enough.
>> 
>> 
>> 
>> I think it would be helpful if you gave us an idea of what you're building and
>> 
>> your application's environment, so that we can give you more targeted guidance.
>> 
>> 
>> 
>> Cheers,
>> 
>> 
>> 
>> -- 
>> 
>> Sam Bisbee
>> 
>> www.sbisbee.com
>> 
>> 
>> 
> 


Mime
View raw message