You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by "Alexander Shorin (JIRA)" <ji...@apache.org> on 2015/02/20 15:29:12 UTC

[jira] [Commented] (COUCHDB-2191) Please consider including couchperuser in core

    [ https://issues.apache.org/jira/browse/COUCHDB-2191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14328969#comment-14328969 ] 

Alexander Shorin commented on COUCHDB-2191:
-------------------------------------------

If [~etrepum] would like to contribute his couchperuser project, so why not? (: It could be included into core or as plugin that available out of the box. I think that would be great too since the implemented pattern is too much common.

> Please consider including couchperuser in core
> ----------------------------------------------
>
>                 Key: COUCHDB-2191
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2191
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>            Reporter: Nolan Lawson
>
> I would love to be able to use CouchDB as the exclusive backend for all my webapps.  The {{_users}} database with the automatic password salting/hashing and session cookies is brilliant, and saves a lot of developer effort while still ensuring I don't shoot myself in the foot trying to implement password security.
> However, without creating a database per user, it's impossible to silo user data in any way other than through {{validate_doc_update}} - i.e. every user can see everybody else's data, but they can only write to theirs.  This use case does exist (e.g. Twitter), but it's much less common than the case where users can only read/write their own data.
> The plugin ecosystem is great and all, and I totally understand not wanting to include the kitchen sink in Couch core, but I strongly feel [couchperuser|https://github.com/etrepum/couchperuser] (or something like it) should be a checkbox I can tick in the Couch config, rather than a plugin I have to install manually.  It's just too common of a use case in typical webapps.
> Some background: this was prompted by a [discussion in PouchDB|https://github.com/daleharvey/pouchdb/issues/1575]; Dale has written a fine solution in [couch-persona|https://github.com/daleharvey/couch-persona], but I really think the "why Pouch/Couch?" story would be more compelling if you could do it in pure Couch without an extra server process.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)