You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by "Nolan Lawson (JIRA)" <ji...@apache.org> on 2014/09/05 17:50:28 UTC

[jira] [Commented] (COUCHDB-2191) Please consider including couchperuser in core

    [ https://issues.apache.org/jira/browse/COUCHDB-2191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14123066#comment-14123066 ] 

Nolan Lawson commented on COUCHDB-2191:
---------------------------------------

Another way to argue this point: read [my beginner's guide to CouchDB authentication schemes](https://github.com/nolanlawson/pouchdb-authentication#couchdb-authentication-recipes) from the perspective of a new CouchDB user. I think it's pretty disappointing when I get to that final point and just say, "Welp, you need a separate server process."

> Please consider including couchperuser in core
> ----------------------------------------------
>
>                 Key: COUCHDB-2191
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2191
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>            Reporter: Nolan Lawson
>
> I would love to be able to use CouchDB as the exclusive backend for all my webapps.  The {{_users}} database with the automatic password salting/hashing and session cookies is brilliant, and saves a lot of developer effort while still ensuring I don't shoot myself in the foot trying to implement password security.
> However, without creating a database per user, it's impossible to silo user data in any way other than through {{validate_doc_update}} - i.e. every user can see everybody else's data, but they can only write to theirs.  This use case does exist (e.g. Twitter), but it's much less common than the case where users can only read/write their own data.
> The plugin ecosystem is great and all, and I totally understand not wanting to include the kitchen sink in Couch core, but I strongly feel [couchperuser|https://github.com/etrepum/couchperuser] (or something like it) should be a checkbox I can tick in the Couch config, rather than a plugin I have to install manually.  It's just too common of a use case in typical webapps.
> Some background: this was prompted by a [discussion in PouchDB|https://github.com/daleharvey/pouchdb/issues/1575]; Dale has written a fine solution in [couch-persona|https://github.com/daleharvey/couch-persona], but I really think the "why Pouch/Couch?" story would be more compelling if you could do it in pure Couch without an extra server process.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)