incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Bonser <mister...@gmail.com>
Subject Re: Proper use of _users for authentication module
Date Wed, 07 Jul 2010 17:50:16 GMT
On Wed, Jul 7, 2010 at 12:32 PM, J Chris Anderson <jchris@gmail.com> wrote:
>
> On Jul 7, 2010, at 12:01 AM, Jason Smith wrote:
>
>> When is it appropriate for an authentication module to use the _users
>> database (or whatever it is configured to be)?
>>
>> I am investigating OpenID 2.0 support. A requirent is to store a nonce
>> to protect against replay attacks. I am evaluating using a database to
>> store the nonce. (Another option is an ets table but that has it's own
>> issues.)
>>
>> The built-in design document IIRC rejects all non-user documents. So
>> storing a nonce as a new document type would require changing that
>> policy in an unclear way.
>
> Does it make sense to add the nonce to the existing user document? That will allow a
single lookup instead of multiple lookups.

The only potential snag is that you need to store all nonces from the
last X minutes (and reject any nonces with a timestamp longer than X
minutes ago, as well as nonces which have already been used), so it
would need to maintain and trim the list as it goes.

>
>>
>> Would it be better to create a whole new _openid database for the task?
>>
>> Suggestions welcome. Thanks!
>>
>> --
>> Jason Smith
>> Couchio Hosting
>
>



-- 
Paul Bonser
http://probablyprogramming.com

Mime
View raw message