Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 69203 invoked from network); 2 Mar 2011 07:18:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Mar 2011 07:18:19 -0000 Received: (qmail 40436 invoked by uid 500); 2 Mar 2011 07:18:17 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 40193 invoked by uid 500); 2 Mar 2011 07:18:14 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 40185 invoked by uid 99); 2 Mar 2011 07:18:12 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Mar 2011 07:18:12 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.85.218.52] (HELO mail-yi0-f52.google.com) (209.85.218.52) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Mar 2011 07:18:07 +0000 Received: by yih10 with SMTP id 10so2878232yih.11 for ; Tue, 01 Mar 2011 23:17:46 -0800 (PST) Received: by 10.90.1.2 with SMTP id 2mr10564776aga.58.1299050266061; Tue, 01 Mar 2011 23:17:46 -0800 (PST) MIME-Version: 1.0 Received: by 10.90.83.3 with HTTP; Tue, 1 Mar 2011 23:17:26 -0800 (PST) In-Reply-To: <4D6DEB75.6050900@gmx.net> References: <4D6DEB75.6050900@gmx.net> From: Mark Hahn Date: Tue, 1 Mar 2011 23:17:26 -0800 Message-ID: Subject: Re: persistent cookie authorization To: user@couchdb.apache.org Cc: Martin Hilbig Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable If you don't mind, can you explain your idea in a bit more detail? I need ideas. I appreciate the reference to the wiki page but it sure is a mess. I couldn't make heads nor tails out of it. Is there a page that spells out what auth handlers are provided and how they function? On Tue, Mar 1, 2011 at 11:02 PM, Martin Hilbig wrote: > just a quick idea: how about a auth handler[1] which uses the cookie as > second passwd and creates a new one afterwards? > > have fun > martin > > [1]: http://wiki.apache.org/couchdb/Authentication_and_Authorization > > On 02.03.2011 06:51, Mark Hahn wrote: >> >> I would like to have the features of the cookie authorization built >> into couchdb with the _users table, but allow the user to stay logged >> in even after their browser is closed or the db is restarted. >> >> I could store the sha hash in a cookie and check it against their doc >> from _users, but after I've done that, how do I get them logged into >> couchdb with a token? =A0The only way I can figure out how to do this is >> to store the user's password in the clear which defeats the whole >> point of storing the sha hashed password. =A0Is there any way to log in >> a user to couchdb without using the clear password? >> > --=20 Mark Hahn Website Manager mark@boutiquing.com 949-229-1012