incubator-couchdb-user mailing list archives

From Mark Hahn <m...@boutiquing.com>
Subject Re: persistent cookie authorization
Date Fri, 04 Mar 2011 01:08:47 GMT
Thanks for the shot, either quick or not.

>  but can't increasing couch_httpd_auth:timeout config option help you?

I tried that.  That is some kind of timeout internal to couch.  The
cookie it emits has no date set so when the browser closes the cookie
goes away.

I guess I'll have to do some research on how to do everything in my
app.  Thanks again.

On Thu, Mar 3, 2011 at 3:40 PM, Martin Hilbig <blueonyx@gmx.net> wrote:
> On 02.03.2011 08:17, Mark Hahn wrote:
>>
>> If you don't mind, can you explain your idea in a bit more detail?  I
>> need ideas.
>
> i guess my thought would need digging into Erlang and write another
> "authentication handler" but i don't know where they are documented.
>
> i wanted to say, with that new authentication handler you could add another
> cookie_passwd_sha1 field to your _users documents which is basically the
> cookie you provided to the user earlier, just also hashed.
>
> but can't increasing couch_httpd_auth:timeout config option help you?
>
>> I appreciate the reference to the wiki page but it sure is a mess.  I
>> couldn't make heads nor tails out of it.  Is there a page that spells
>> out what auth handlers are provided and how they function?
>
> it's probably hidden therein like [2].
>
> sorry if it doesn't make sense nor help you, i got nothing more to say, was
> just a quick shot.
>
> have fun
> martin
>
> [2]: http://wiki.apache.org/couchdb/Security_Features_Overview
>
>>
>> On Tue, Mar 1, 2011 at 11:02 PM, Martin Hilbig<blueonyx@gmx.net>  wrote:
>>>
>>> just a quick idea: how about an auth handler[1] which uses the cookie as
>>> second passwd and creates a new one afterwards?
>>>
>>> have fun
>>> martin
>>>
>>> [1]: http://wiki.apache.org/couchdb/Authentication_and_Authorization
>>>
>>> On 02.03.2011 06:51, Mark Hahn wrote:
>>>>
>>>> I would like to have the features of the cookie authorization built
>>>> into couchdb with the _users table, but allow the user to stay logged
>>>> in even after their browser is closed or the db is restarted.
>>>>
>>>> I could store the sha hash in a cookie and check it against their doc
>>>> from _users, but after I've done that, how do I get them logged into
>>>> couchdb with a token?  The only way I can figure out how to do this is
>>>> to store the user's password in the clear which defeats the whole
>>>> point of storing the sha hashed password.  Is there any way to log in
>>>> a user to couchdb without using the clear password?
>>>>
>>>
>>
>>
>>
>



-- 
Mark Hahn
Website Manager
mark@boutiquing.com
949-229-1012
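
The token scheme discussed in this thread (a random cookie token whose hash is kept in the user's document and replaced after each use), written for the application side as an added example; it is not code from the thread or from CouchDB. The field name `cookie_token_sha256`, the cookie name `remember`, the 30-day lifetime and the in-memory `users` dict standing in for `_users` are assumptions, and how the application then authenticates to CouchDB is left out.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

MAX_AGE = 30 * 24 * 3600       # assumed lifetime (30 days); pick your own
FIELD = "cookie_token_sha256"  # hypothetical field, modelled on cookie_passwd_sha1

def _digest(token):
    # The token is 256 bits of randomness, so a fast hash is sufficient here.
    return hashlib.sha256(token.encode()).hexdigest()

def issue(user_doc):
    """Store only the hash of a fresh token; return (cookie value, Set-Cookie header)."""
    token = secrets.token_urlsafe(32)
    user_doc[FIELD] = _digest(token)
    value = f"{user_doc['name']}:{token}"
    jar = SimpleCookie()
    jar["remember"] = value
    morsel = jar["remember"]
    morsel["max-age"] = MAX_AGE   # explicit lifetime: survives a browser restart
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["secure"] = True
    morsel["samesite"] = "Strict"
    return value, morsel.OutputString()

def redeem(users, cookie_value):
    """Check a presented cookie; on success rotate it and return (name, new header)."""
    # The token never contains ':', so split on the last one.
    name, sep, token = cookie_value.rpartition(":")
    doc = users.get(name)
    if not sep or doc is None or FIELD not in doc:
        return None
    if not hmac.compare_digest(doc[FIELD], _digest(token)):
        return None
    _, header = issue(doc)        # single use: the old token stops working now
    return name, header

if __name__ == "__main__":
    # Constructed stand-in for the _users database.
    users = {"mark": {"name": "mark"}}
    value, header = issue(users["mark"])
    print(header)
    print(redeem(users, value) is not None)   # first use of the token
    print(redeem(users, value))               # replay of the same token
```

Only the hash is stored, so reading the user document does not yield a usable cookie, and a cookie that has been used once is rejected on replay.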
