Return-Path: 
 <user-return-12459-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 7245 invoked from network); 6 Sep 2010 15:25:25 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 6 Sep 2010 15:25:25 -0000
Received: (qmail 18114 invoked by uid 500); 6 Sep 2010 15:25:24 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 17865 invoked by uid 500); 6 Sep 2010 15:25:21 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 17857 invoked by uid 99); 6 Sep 2010 15:25:20 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Sep 2010 15:25:20 +0000
X-ASF-Spam-Status: No, hits=0.7 required=10.0
	tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [209.85.160.52] (HELO mail-pw0-f52.google.com) (209.85.160.52)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Sep 2010 15:25:13 +0000
Received: by pwj10 with SMTP id 10so3656839pwj.11
        for <user@couchdb.apache.org>; Mon, 06 Sep 2010 08:24:53 -0700 (PDT)
Received: by 10.142.120.9 with SMTP id s9mr824251wfc.89.1283786693706;
        Mon, 06 Sep 2010 08:24:53 -0700 (PDT)
Received: from [10.0.1.2] (c-24-130-240-73.hsd1.ca.comcast.net
 [24.130.240.73])
        by mx.google.com with ESMTPS id s34sm4345209wfc.8.2010.09.06.08.24.50
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Mon, 06 Sep 2010 08:24:52 -0700 (PDT)
Sender: J Chris Anderson <jchris@couch.io>
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1081)
Subject: Re: Best performing login implementation?
From: J Chris Anderson <jchris@apache.org>
In-Reply-To: <AANLkTimA7cawgxvDK+oV+X=srPAcP=pfKOQoyEYjLqaU@mail.gmail.com>
Date: Mon, 6 Sep 2010 08:24:49 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <DF7FAEBF-2E6A-43AE-ABCA-7F030CE346C9@apache.org>
References: <AANLkTikh=56TEWh=OkPA8o-NiRsumcVrdRFeF4_nZ9cv@mail.gmail.com>
 <33F12002-C2C7-4F38-9010-F4B168D688A3@gmail.com>
 <AANLkTimA7cawgxvDK+oV+X=srPAcP=pfKOQoyEYjLqaU@mail.gmail.com>
To: user@couchdb.apache.org
X-Mailer: Apple Mail (2.1081)


On Sep 6, 2010, at 8:10 AM, Matt Goodall wrote:

> On 6 September 2010 15:18, Wout Mertens <wout.mertens@gmail.com> =
wrote:
>=20
>>=20
>> On Sep 6, 2010, at 15:39 , Tiago Freire wrote:
>>=20
>>> I am wondering about the best method for
>>> implementing this.
>>>=20
>>> 1) Each username+login in a document.
>>> 2) One document for username+logins, each one in a separate =
property.
>>> {username:password}
>>> 3) One document for username+logins, all in a single 'logins' array.
>>> {logins: [{username:foo, password: bar}]}
>>=20
>> =46rom general principle, 1) is the one you want. I haven't set up =
user auth
>> myself, but in document-oriented databases you want to keep your data
>> together in logical units that have a practical maximum size.
>>=20
>> So while, in a way, all your logins are a logical unit, there is no =
limit
>> on how large that array will get so that is not a good way to store =
that
>> information.
>>=20
>>=20
> I'd go for one document per username+login. Don't be shy about =
throwing in
> lots of other information about the user unless it really doesn't make =
sense
> to store it in the same document for some reason. Your view can emit =
just
> the username and password to keep the authentication request fast:
>=20
>    function(doc) {
>        if(doc.type =3D=3D 'user') {
>            emit(doc.username, doc.password);
>        }
>    }
>=20

Also, please do not store plain text passwords. Read this:

=
http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-=
incorrectly.html

Also it is worth noting that CouchDB has a builtin authentication system =
that gets this right, and you might just be able to piggyback on it, =
depending on your application:

=
http://blog.couch.io/post/1027100082/whats-new-in-couchdb-1-0-part-4-secur=
ityn-stuff

If you decide to roll your own, I agree that a document-per-user is a =
good approach.

Chris

> The other thing to consider when designing your documents is who will =
be
> updating them and how often. Ideally, you only want updates to come =
from one
> person to avoid conflicts. If you put all username+password in a =
single
> document then as the number of users grows you're increasingly likely =
to get
> conflicts, e.g. whenever someone tries to change their password.
>=20
> - Matt