couchdb-user mailing list archives

From "Florian Westreicher Bakk.techn." <>
Subject Re: replication with authentication
Date Tue, 18 Feb 2014 18:31:24 GMT
Works as intended. You can easily verify this with Wireshark. 

Jason Winshell <> wrote:
>Hi folks,
>I need to replicate between a master and backup database in a
>high-security environment. Replication, like any interaction with the
>database, must be authenticated. Both Couch instances are fronted by an
>SSL-proxy. There is no remote access to the http API (i.e. port 5984)
>without going through the proxy. Couch native SSL support is a no-go
>because the Erlang-based SSL support is verifiably buggy. The
>implementation must be fully vetted, complete and reliable for this
>high-security environment. Replication between instances requires that
>the backup instance pull data from the master with an authenticated
>URL. I found I was able to get replication working by constructing a
>database URL of the form https://user:password/mydatabase. I need to
>verify and be sure of a couple things (1) Couch passes authentication
>in HTTP headers and in no way passes the user:password as part of the
>URL. This is per the RFC spec for HTTP Basic (or Cookie) authentication
>(2) the user:password would never be exposed to users other than the
>server administrator on the backup. AFAIK, #1 is true, but I need to be
>absolutely sure.
>By the way, I'm using CouchDB on Windows OS.
>Can folks give me their thoughts on this?

Sent from Kaiten Mail. Please excuse my brevity.
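
Added example, not part of the original messages and not CouchDB's own code: a reference for what to compare a packet capture against when checking point (1). It shows how an RFC 7617 Basic-auth client is expected to turn a `user:password@host` URL into a request whose target and Host header carry no credentials, with the credentials only in the `Authorization` header. The host name, user and password are constructed sample values.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed sample URL; host and credentials are placeholders.
SAMPLE = "https://backup_user:s3cr%40t@master.example.com/mydatabase"

def split_credentials(url):
    """Return (url_without_userinfo, headers) as a Basic-auth client sends them."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port:
        host = f"{host}:{parts.port}"
    headers = {"Host": host}
    if parts.username is not None:
        # Userinfo is percent-encoded in the URL; decode before base64 (RFC 7617).
        user = unquote(parts.username)
        password = unquote(parts.password or "")
        token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
        headers["Authorization"] = "Basic " + token.decode("ascii")
    clean = urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))
    return clean, headers

def request_head(method, url):
    """Build the request line and headers that would appear in a capture."""
    clean, headers = split_credentials(url)
    parts = urlsplit(clean)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    lines = [f"{method} {target} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"

def decode_basic(header_value):
    """Decode a captured Authorization value. Base64 is an encoding, not
    encryption, so the header is only confidential inside the TLS session."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    print(request_head("GET", SAMPLE))
```

A capture that shows the user name or password in the request line or Host header, rather than only in `Authorization`, would contradict the expected behaviour.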