couchdb-user mailing list archives

From: Jason Winshell
Subject: replication with authentication
Date: Tue, 18 Feb 2014 18:18:20 GMT

Hi folks,

I need to replicate between a master and backup database in a high-security environment. Replication,
like any interaction with the database, must be authenticated. Both Couch instances are fronted
by an SSL proxy. There is no remote access to the HTTP API (i.e. port 5984) without going
through the proxy. Couch native SSL support is a no-go because the Erlang-based SSL support
is verifiably buggy. The implementation must be fully vetted, complete and reliable for this
high-security environment. Replication between instances requires that the backup instance
pull data from the master with an authenticated URL. I found I was able to get replication
working by constructing a database URL of the form https://user:password/mydatabase. I need
to verify and be sure of a couple of things: (1) Couch passes authentication in HTTP headers and
in no way passes the user:password as part of the URL. This is per the RFC spec for HTTP Basic
(or Cookie) authentication; (2) the user:password would never be exposed to a user other than
the server administrator on the backup. AFAIK, #1 is true, but I need to be absolutely sure.

By the way, I'm using CouchDB on Windows OS.

Can folks give me their thoughts on this?
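
One way to check point (1) empirically, as an added example that is not part of the original message and is not CouchDB code: a local capture server records each request's target and `Authorization` header, and `audit` reports where the credentials appear. The credentials, names and the client request in `run_demo` are constructed stand-ins for a replicator pointed at the capture server.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote

# Constructed sample credentials, used only against the local capture server.
USER, PASSWORD = "repl_user", "constructed-pass"

class Capture(BaseHTTPRequestHandler):
    """Records the request target and Authorization header of each GET."""
    seen = []

    def do_GET(self):
        Capture.seen.append({"target": self.path,
                             "auth": self.headers.get("Authorization")})
        self.send_response(200)
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"{}")

    def log_message(self, *args):  # keep stderr quiet
        pass

def audit(req, user, password):
    """Say where the credentials appear in one captured request."""
    target = unquote(req["target"])  # also catches percent-encoded secrets
    auth = req["auth"] or ""
    decoded = ""
    if auth.startswith("Basic "):
        decoded = base64.b64decode(auth[6:]).decode("utf-8", "replace")
    return {"in_target": password in target or f"{user}:" in target,
            "basic_header": decoded == f"{user}:{password}"}

def run_demo():
    """Send one header-authenticated request to the capture server, audit it."""
    server = HTTPServer(("127.0.0.1", 0), Capture)  # port 0: any free port
    worker = threading.Thread(target=server.handle_request)
    worker.start()
    token = base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_address[1])
    conn.request("GET", "/mydatabase/", headers={"Authorization": "Basic " + token})
    conn.getresponse().read()
    conn.close()
    worker.join()
    server.server_close()
    return audit(Capture.seen[-1], USER, PASSWORD)

if __name__ == "__main__":
    print(run_demo())
```

To test a real replicator, keep the capture server running and use it as the pull source with throwaway credentials, then run `audit` over every entry in `Capture.seen`.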

