From user-return-12140-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org Mon Aug 16 01:52:45 2010 Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 95606 invoked from network); 16 Aug 2010 01:52:45 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 16 Aug 2010 01:52:45 -0000 Received: (qmail 76189 invoked by uid 500); 16 Aug 2010 01:52:44 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 76116 invoked by uid 500); 16 Aug 2010 01:52:43 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 76108 invoked by uid 99); 16 Aug 2010 01:52:43 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Aug 2010 01:52:43 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [209.85.212.180] (HELO mail-px0-f180.google.com) (209.85.212.180) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Aug 2010 01:52:36 +0000 Received: by pxi7 with SMTP id 7so2669002pxi.11 for ; Sun, 15 Aug 2010 18:52:15 -0700 (PDT) Received: by 10.143.30.10 with SMTP id h10mr2256440wfj.283.1281923535336; Sun, 15 Aug 2010 18:52:15 -0700 (PDT) Received: from [10.0.1.2] (c-24-130-240-73.hsd1.ca.comcast.net [24.130.240.73]) by mx.google.com with ESMTPS id v13sm5285392wfv.5.2010.08.15.18.52.13 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 15 Aug 2010 18:52:13 -0700 (PDT) Sender: J Chris Anderson Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Apple Message framework v1081) Subject: Re: confused about authentication in php vs couchdb From: J Chris Anderson In-Reply-To: <829012F1-8DF3-4658-9E69-342DC0A35048@googlemail.com> Date: Sun, 15 Aug 2010 18:52:11 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <8CD0974DDF02840-2078-5FD9@webmail-d071.sysops.aol.com> <20100814173930.GB6601@orbital> <8CD09F42A410AA0-1D08-26962@webmail-m089.sysops.aol.com> <829012F1-8DF3-4658-9E69-342DC0A35048@googlemail.com> To: user@couchdb.apache.org X-Mailer: Apple Mail (2.1081) X-Virus-Checked: Checked by ClamAV on apache.org On Aug 15, 2010, at 7:40 AM, Sebastian Cohnen wrote: > Hey Dan, >=20 > I just wanted to note that CouchDB does only provide per database = reader ACL. So you need to have one database per user in order to = protect a users content from unauthorized access (remember any user with = read access can read ALL documents in the particular database). >=20 > and btw: AFAIK jQuery is only used for the XHR stuff, but jQuery is a = very nice library, well maintained and successfully used by many people. >=20 There are some functions like this, in the jquery.couch.js library, = which may be worth copying to your code, if you plan to reimplement. = Also, please share code, as it sounds like you are on the cutting edge = here. Signup: = http://github.com/apache/couchdb/blob/trunk/share/www/script/jquery.couch.= js#L114 Login: = http://github.com/apache/couchdb/blob/trunk/share/www/script/jquery.couch.= js#L121 the basic password hashing mechanism for signup: = http://github.com/apache/couchdb/blob/trunk/share/www/script/jquery.couch.= js#L25 - Chris > Best >=20 > Sebastian >=20 > On 14.08.2010, at 20:18, whimsica@aol.com wrote: >=20 >> Okay. So if you look at netflix or other sites they all have standard = behaviors. >> Login, Signup, Forgot Password, Remember me on this computer. >>=20 >> I am building two sites right now. One that allows users to track = their nutrition, and another which allows them=20 >> to edit audio for video proects -- two separate projects and I am = going to try to build them with couchdb because >> it is easy to understand so far. >>=20 >> The way netflix works is fine. If they try to access a page they are = not authorized to use then it defaults back to the sign-up page. >> I'm not sure how this is done. =20 >>=20 >> If they are logged in they can enter and save new data and view their = data. >>=20 >> So those are the features I need to build these projects with couchdb = instead of php and mysql. I would prefer not to use the jquery libraries = because I really don't want to rely on external libraries with pages and = pages of linked code that I don't understand. >>=20 >> I am an experienced javascript programmer and work with a few = php/mysql guys but I am tired of relying on them. I am just learning = about servers and databases. So far I have setup a linux server and am = successfully using couchdb with the help of a few books and the wiki and = the folks on this mailing list. But, I seem to be stuck on the = authentication issues. I would just like to see a non jquery version of = an html page that does all this or a tutorial. >>=20 >> Dan >>=20 >>=20 >>=20 >>=20 >>=20 >>=20 >>=20 >>=20 >>=20 >>=20 >>=20 >> -----Original Message----- >> From: Sam Bisbee >> To: user@couchdb.apache.org >> Sent: Sat, Aug 14, 2010 10:39 am >> Subject: Re: confused about authentication in php vs couchdb >>=20 >>=20 >> On Fri, Aug 13, 2010 at 11:06:47PM -0400, whimsica@aol.com wrote: >>=20 >>> How do you do the sort of authentication that happens in php mysql = with=20 >>=20 >> couchdb? >>=20 >>=20 >>=20 >> As you can see from Chris's reply, there is a lot of things that you = can do >>=20 >> with auth and couchdb. The most basic set up is creating accounts and = using >>=20 >> HTTP Basic authentication. >>=20 >>=20 >>=20 >>> I sort of understand how php authentication works sort of...you can >>=20 >>> dynamically write pages depending on the credentials of a user. The >>=20 >>> credentials are checked against the mysql database and then stored = in php >>=20 >>> somehow=20 >>=20 >>=20 >>=20 >> What are you using MySQL for in your environment? >>=20 >>=20 >>=20 >>> Using HTTP apache authentication I can hide certain webpages from = certain >>=20 >>> users unless their credentials are sent each time using some = mechanism. I >>=20 >>> understand how to do this in php.=20 >>=20 >>=20 >>=20 >> You can do this same thing in your Apache config, your CouchDB = config, your PHP >>=20 >> code, or all three if you're crazy enough. >>=20 >>=20 >>=20 >> I think it would be helpful if you gave us an idea of what you're = building and >>=20 >> your application's environment, so that we can give you more targeted = guidance. >>=20 >>=20 >>=20 >> Cheers, >>=20 >>=20 >>=20 >> --=20 >>=20 >> Sam Bisbee >>=20 >> www.sbisbee.com >>=20 >>=20 >>=20 >=20