Return-Path: 
 <user-return-18798-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 7AEA7738A
	for <apmail-couchdb-user-archive@www.apache.org>;
 Fri, 11 Nov 2011 16:58:27 +0000 (UTC)
Received: (qmail 96953 invoked by uid 500); 11 Nov 2011 16:58:25 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 96921 invoked by uid 500); 11 Nov 2011 16:58:25 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 96913 invoked by uid 99); 11 Nov 2011 16:58:25 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Nov 2011 16:58:25 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of kxepal@gmail.com designates
 209.85.210.46 as permitted sender)
Received: from [209.85.210.46] (HELO mail-pz0-f46.google.com) (209.85.210.46)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Nov 2011 16:58:18 +0000
Received: by pzk2 with SMTP id 2so4487304pzk.5
        for <user@couchdb.apache.org>; Fri, 11 Nov 2011 08:57:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        bh=VR/XYnZiKKDemsZcRvNdvpp54Wf3Fm9Rje6UzWcY1w0=;
        b=KHWmMP73FmlmMZsOJhqEBVfia95kH+c6cz7lDia87bOUUqV3E0uwqajn/p5yeRORJk
         DmLzlfRu0Twa+LlMTESstw/O+10PY2J70sCu+7ABMxKFXlUPbJqGrzFOt+zdHi2yp2ES
         OB8L26nbhiC+Jv1f43JsS69GQbaIPL4km8H20=
MIME-Version: 1.0
Received: by 10.68.17.7 with SMTP id k7mr25668078pbd.20.1321030676817; Fri, 11
 Nov 2011 08:57:56 -0800 (PST)
Received: by 10.68.58.196 with HTTP; Fri, 11 Nov 2011 08:57:56 -0800 (PST)
In-Reply-To: <36E07B7B-DD97-4F03-AD5F-A9210801AA14@gmail.com>
References: 
 <CAKvLi7OR4mQtLfkyBvCuVgViXoSk7DYawXxDV6ggdPH+nsP5Mg@mail.gmail.com>
	<CAHdjipKGZ8gDs-0ApjUjwv0501eHT2psXvDOxAvfqifiF6s60g@mail.gmail.com>
	<36E07B7B-DD97-4F03-AD5F-A9210801AA14@gmail.com>
Date: Fri, 11 Nov 2011 19:57:56 +0300
Message-ID: 
 <CAHdjipJBP1608Xpv4bt12Wt1XcBijCyeU=_8OasT=BLcJwTc9A@mail.gmail.com>
Subject: Re: Security Questions
From: Alexander Shorin <kxepal@gmail.com>
To: user@couchdb.apache.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

On Fri, Nov 11, 2011 at 8:54 PM, Ido Ran <ido.ran@gmail.com> wrote:
> About securing replication, SSL only solve confidentiality, not authoriza=
tion.
> How do I go about making sure only authenticated party can replicate?
>
> Thank you

You may gain auth by client SSL certificate.

--
,,,^..^,,,

>
> =D7=91-10 =D7=91=D7=A0=D7=95=D7=91 2011, =D7=91=D7=A9=D7=A2=D7=94 21:47, =
Alexander Shorin <kxepal@gmail.com> =D7=9B=D7=AA=D7=91/=D7=94:
>
>> On Thu, Nov 10, 2011 at 7:59 PM, Ido Ran <ido.ran@gmail.com> wrote:
>>> 1. Does couch_httpd_oauth means CouchDB support OAuth authentication as=
 is,
>>> without reverse proxy or anything else?
>>> 2. How can I secure the replication between two couches?
>>>
>>
>> 1. Yes.
>> 2. SSL, native or via proxy like nginx.
>>
>> --
>> ,,,^..^,,,
>