incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <jch...@apache.org>
Subject Re: Best performing login implementation?
Date Mon, 06 Sep 2010 16:38:58 GMT

On Sep 6, 2010, at 8:50 AM, Wout Mertens wrote:

> On Sep 6, 2010, at 17:24 , J Chris Anderson wrote:
> 
>> Also it is worth noting that CouchDB has a builtin authentication system that gets
this right, and you might just be able to piggyback on it, depending on your application:
>> 
>> http://blog.couch.io/post/1027100082/whats-new-in-couchdb-1-0-part-4-securityn-stuff
> 
> So the security model is:
> - Admins can do everything on all local databases
> - Readers can read the entire database
> - Writes can have any model you like with validation functions
> 
> So if you want to segment your database readers you have to segment your databases.
> 

Yes.

> Furthermore, if you would like to use LDAP authentication, you'd have to use an LDAP-to-OAuth
server.
> 

It should be a very simple patch to add new Erlang authentication handlers for things like
LDAP, Kerberos, etc. That might be simpler than adding a bunch of glue to speak OAuth.

> Correct?
> 
> Wout.


Mime
View raw message