couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hahn <m...@boutiquing.com>
Subject Re: persistent cookie authorization
Date Wed, 02 Mar 2011 07:17:26 GMT
If you don't mind, can you explain your idea in a bit more detail?  I
need ideas.

I appreciate the reference to the wiki page but it sure is a mess.  I
couldn't make heads nor tails out of it.  Is there a page that spells
out what auth handlers are provided and how they function?

On Tue, Mar 1, 2011 at 11:02 PM, Martin Hilbig <blueonyx@gmx.net> wrote:
> just a quick idea: how about a auth handler[1] which uses the cookie as
> second passwd and creates a new one afterwards?
>
> have fun
> martin
>
> [1]: http://wiki.apache.org/couchdb/Authentication_and_Authorization
>
> On 02.03.2011 06:51, Mark Hahn wrote:
>>
>> I would like to have the features of the cookie authorization built
>> into couchdb with the _users table, but allow the user to stay logged
>> in even after their browser is closed or the db is restarted.
>>
>> I could store the sha hash in a cookie and check it against their doc
>> from _users, but after I've done that, how do I get them logged into
>> couchdb with a token?  The only way I can figure out how to do this is
>> to store the user's password in the clear which defeats the whole
>> point of storing the sha hashed password.  Is there any way to log in
>> a user to couchdb without using the clear password?
>>
>



-- 
Mark Hahn
Website Manager
mark@boutiquing.com
949-229-1012

Mime
View raw message