incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <jch...@gmail.com>
Subject Re: Accessing Standalone Application's Login Page on a Secured Database
Date Thu, 24 Jun 2010 16:31:08 GMT

On Jun 24, 2010, at 9:28 AM, afshin afzali wrote:

> Hi Guys,
> 
> Assume there is a secured CouchDB's database (has readers / admins / roles)
> which also equipped with a standalone application. The application has its
> own login page which can get user's credentials and issue cookie
> authentication. So how user can get access to login page when there is not
> any authentication cookie.

I just fixed this in trunk, by adding a login page that anonymous users are redirected to,
where they must signup or login before being sent back to the original URL.

> If we set the require_valid_user to false,
> anonymous can gets access to _design document? If yes what about to other
> docs in database ? anonymous can reads all our docs?
> 

Yes, anyone who can ready any doc in the database can read all the docs in the database, including
design docs.

Chris

> Best,
> -- afshin


Mime
View raw message