couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Svilen ...@svilendobrev.com>
Subject Re: use case: replication of many databases, with/by many users
Date Thu, 13 Sep 2012 16:18:59 GMT
U made me reread the security.. Page.  So users is separate db not replicated, and itwould
be names not roles

svilen

Dave Cottlehuber <dch@jsonified.com> написа:

>On 13 September 2012 08:17, svilen <az@svilendobrev.com> wrote:
>> g'day
>> this is about per-user authentication of replication. (similar to the
>> thread "App layer on top of replication" but that's not exactly my
>> use-case).
>>
>> imagine a chat-room. each message is a document. each chat room is a
>> database. no conflicts. Each user can participate in many chat rooms
>> (=databases) and have them replicated to and from localy, continuosly
>> (on as many devices he wants).
>>
>> the question is: how to make the authentication/security properly?
>>
>> so far i'm guessing i should have a separate user-account layer/module
>> to know who is who on server.
>>
>> how to allow users to use only chat-rooms they're registered in?
>> in case all couchdb-user's credential live in database, and hence are
>> replicated, that is not usable..
>>
>> how about replication itself? wrap it in some user-authenticated
>> api-call/url-rewrite (and disable it for external world)? or something
>> else?
>>
>> ciao
>> svil
>
>Assuming you have a hub node that has all user accounts and a db per
>chat room, that all external users replicate from/to, you could simply
>use DB roles.
>
>When you join a chat room, you'd need to be added to the role list for
>that DB (by some process external to couch that knows if you are
>allowed to access it), and then you could set up replication on the
>endpoint node.
>
>Would that be sufficient?
>
>A+
>Dave
Mime
View raw message