incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Lenz <cml...@gmx.de>
Subject Re: CouchDB 1.0 work
Date Sat, 10 May 2008 14:09:36 GMT
On 28.04.2008, at 18:27, Damien Katz wrote:
> Here are my thoughts on what we need for before we can get to  
> CouchDB 1.0. Feedback please.
>
> Must have:
[...]
> Security/Document validation: We need a way to control who can  
> update what documents and to validate the updates are correct. This  
> is absolutely necessary for offline replication, where replicated  
> updates to the database do not come through the application layer.
[...]
> Don't Need:
>
> Authentication. We can go to 1.0 without authentication, relying  
> instead on local proxies to provide authentication.

So how would we provide authorization without authentication? There  
needs to be some way to identify who's making a request, and if we  
plan to rely on proxies for that, those proxies need to provide a way  
to pass on the authentication results (e.g. REMOTE_USER). I suspect  
they don't do that, but I may be wrong.

Cheers,
--
Christopher Lenz
   cmlenz at gmx.de
   http://www.cmlenz.net/


Mime
View raw message