Return-Path: Delivered-To: apmail-incubator-couchdb-dev-archive@locus.apache.org Received: (qmail 36172 invoked from network); 10 May 2008 18:39:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 May 2008 18:39:49 -0000 Received: (qmail 53253 invoked by uid 500); 10 May 2008 18:39:50 -0000 Delivered-To: apmail-incubator-couchdb-dev-archive@incubator.apache.org Received: (qmail 53217 invoked by uid 500); 10 May 2008 18:39:50 -0000 Mailing-List: contact couchdb-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: couchdb-dev@incubator.apache.org Delivered-To: mailing list couchdb-dev@incubator.apache.org Received: (qmail 53206 invoked by uid 99); 10 May 2008 18:39:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 May 2008 11:39:50 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of bchesneau@gmail.com designates 209.85.198.243 as permitted sender) Received: from [209.85.198.243] (HELO rv-out-0708.google.com) (209.85.198.243) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 May 2008 18:39:02 +0000 Received: by rv-out-0708.google.com with SMTP id k29so1885419rvb.0 for ; Sat, 10 May 2008 11:39:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=1rdftIhJseGzA6Ej3Duad7sfHNVVZv0aO5hd8HYq7Q0=; b=O7anMlSq3BEfaNPLwTczOfbmN1ZNEsrMY7ci3cNRc8eEUowI5JQvcxpP0UtJnxZte34EypnpTZNxdT+W6nuLELGxKdEfRS/JvTfnQYMuMAY6hcX0Bx22gxNncf34XibuQq3XEEg2UpsnUyVugy4K49V4SpUlfpW0w2GV3+Ge5XY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CI0OiECLSbMDY8/aa21rMkgphFz7ZyefKQRspP9GOfheEgArnlJ6NnLE5pv6GezT+QXLAnqC+7H5Z8iWh1TBzoEVQQFXKGo0wdX5IacOOWo7LKkEUmRlaIMukEGkzmIHkirgvP/Jx42CSB8YG36tOFD9u9CQjBvsXFHKjg1HBTQ= Received: by 10.141.193.1 with SMTP id v1mr2828207rvp.73.1210444757585; Sat, 10 May 2008 11:39:17 -0700 (PDT) Received: by 10.140.185.6 with HTTP; Sat, 10 May 2008 11:39:17 -0700 (PDT) Message-ID: Date: Sat, 10 May 2008 20:39:17 +0200 From: "Benoit Chesneau" To: couchdb-dev@incubator.apache.org Subject: Re: CouchDB 1.0 work In-Reply-To: <5C06AD9F-B9B9-4016-BB88-94D3D1065173@gmx.de> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <6A14F004-1449-4FC9-A2EE-47BC1CAF9FED@yahoo.com> <1833C7F3-E82D-4BDE-B4EB-4890D6FC2665@gmx.de> <3944C148-CC00-4204-B800-5C7221273C21@gmail.com> <5C06AD9F-B9B9-4016-BB88-94D3D1065173@gmx.de> X-Virus-Checked: Checked by ClamAV on apache.org On Sat, May 10, 2008 at 7:36 PM, Christopher Lenz wrote: > On 10.05.2008, at 17:53, Damien Katz wrote: >> >> On May 10, 2008, at 11:35 AM, Christopher Lenz wrote: >>> >>> As far as I know, the proxy will keep the auth info to itself, and the >>> request will look like a standard anonymous request to CouchDB. I *thin= k* if >>> we don't implement authentication, we can not implement >>> authorization/security for document validation. >> >> Well, I don't know the details of authenticating proxies, but if the use= r >> provides credentials in the HTTP header, and the proxy server validates = it >> and passes it on, then CouchDB would just use the same credentials with = the >> assumption they are authenticated because the HTTP server validated it. = But >> maybe this isn't possible for reasons I don't know about. > > I made a test with Apache/mod_proxy with Digest auth, and it does seem to > pass through the auth credentials (username, realm, etc) via the > Authorization header. So this should hopefully work in general, sorry for > the noise :P > > Cheers, > -- > Christopher Lenz > cmlenz at gmx.de > http://www.cmlenz.net/ > > the same with nginx or squid :) --=20 - beno=EEt