incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Lenz <cml...@gmx.de>
Subject Re: CouchDB 1.0 work
Date Sat, 10 May 2008 15:35:28 GMT
On 10.05.2008, at 16:47, Damien Katz wrote:
> On May 10, 2008, at 10:09 AM, Christopher Lenz wrote:
>
>> On 28.04.2008, at 18:27, Damien Katz wrote:
>>> Here are my thoughts on what we need for before we can get to  
>>> CouchDB 1.0. Feedback please.
>>>
>>> Must have:
>> [...]
>>> Security/Document validation: We need a way to control who can  
>>> update what documents and to validate the updates are correct.  
>>> This is absolutely necessary for offline replication, where  
>>> replicated updates to the database do not come through the  
>>> application layer.
>> [...]
>>> Don't Need:
>>>
>>> Authentication. We can go to 1.0 without authentication, relying  
>>> instead on local proxies to provide authentication.
>>
>> So how would we provide authorization without authentication? There  
>> needs to be some way to identify who's making a request, and if we  
>> plan to rely on proxies for that, those proxies need to provide a  
>> way to pass on the authentication results (e.g. REMOTE_USER). I  
>> suspect they don't do that, but I may be wrong.
>
> I'm thinking the proxy server will authenticate the users  
> credentials in the request HTTP header, then let the request pass  
> normally to the CouchDB server. If it can't authenticate, then it  
> rejects the request.

Yeah, but how will CouchDB be able to use the authentication results  
to provide the "Security/Document validation" feature?

As far as I know, the proxy will keep the auth info to itself, and the  
request will look like a standard anonymous request to CouchDB. I  
*think* if we don't implement authentication, we can not implement  
authorization/security for document validation.

Cheers,
--
Christopher Lenz
   cmlenz at gmx.de
   http://www.cmlenz.net/


Mime
View raw message