incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tane Piper <piper.t...@gmail.com>
Subject Namespaced users for authentication per database
Date Sun, 17 Oct 2010 20:53:32 GMT
Hi there,

I'm currently adding more features to my nodejs/couchdb based
application and my next step is user authentication.

I've been told that something like this has been done before with,
possibly with Assay Depot (one of the CouchOne case studies) but I
can't find anything technical about the implementation.

Hopefully I can clearly explain what I am looking to do.  With the
application, we will have one couchdb instance (for example
foo.couchone.com) and within this, we will have one database per
client, so for examples:

_users
client-clientfoo
client-clientbar

At the moment, I am not using the _users table, except for the global
admin user, but rather I'm doing a basic User doctype in each client-
database (with username and password) and doing my own auth check in
my nodejs app by getting the doc, and checking the password then
setting the session information.  The reason I am doing this is
because I can't limit the system to only have one username per system,
but rather than per client.  So for example:

clientfoo:admin
clientbar:admin
clientfoo:jsmith
clientbar:jsmith

Obviously per-client, this is not enforced as it would be in any other
system (for example another John Smith in clientbar would need to be
jsmith2).  I'm hoping to also be able to use this to ensure that each
client's database can only be accessed by their users (as there will
be some sensitive client information contained in the database).  I'll
also be dynamically doing this based on a 3-field entry of
client/username/password, then storing the client name in the session
so each view will request from the correct database.

Any help on this matter would be very appreciated.

Regards,

Tane Piper

Mime
View raw message