You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Jyrki Pulliainen <jy...@gmail.com> on 2009/02/21 12:28:16 UTC
Managing access
CouchDB site talks about managing user access on database (Admin,
read, update), but I can't find any documentation about this feature.
Can someone pinpoint a page describing the built-in access management?
- Jyrki
Re: Managing access
Posted by Jyrki Pulliainen <jy...@gmail.com>.
2009/2/21 Jason Huggins <ja...@jrandolph.com>:
> On Sat, Feb 21, 2009 at 5:28 AM, Jyrki Pulliainen
> <jy...@gmail.com> wrote:
>> CouchDB site talks about managing user access on database (Admin,
>> read, update), but I can't find any documentation about this feature.
>> Can someone pinpoint a page describing the built-in access management?
>
>
> http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy
>
> You could use Apache as a reverse proxy to your couchdb server. At the
> Apache layer, you can then add an authentication scheme. The above
> link doesn't have the authentication bits shown, but you can find out
> how to do that reading ordinary Apache documentation.
>
> Authorization (i.e. "can user 'a' edit database 'b'?") is a bit more
> tricky than simple authentication (i.e. "is this user 'a'?"). Until
> this kind of thing gets baked into CouchDB (or someone documents how
> they did it!), you'll probably have to roll your own solution.
>
> In my setup, I use Apache to enforce SSL encryption. I then use Django
> as my authentication and authorization engine, where I first require
> all connections to be authenticated with Basic Auth. Then, Django
> allows 'regular' users to only to edit their own databases, and
> 'admin' users to edit any database.
>
> Alas, I have no page to point to yet that shows you how to do the
> Django part. I will say, though, that the hardest bit was making sure
> Django properly proxied all the HTTP headers to and from the CouchDB
> backend. However, the CouchDB unit tests in Futon were invaluable and
> made developing my auth proxy easier.
Thanks for the tip, this approach probably does what I need this time.
- Jyrki
Re: Managing access
Posted by Jason Huggins <ja...@jrandolph.com>.
On Sat, Feb 21, 2009 at 5:28 AM, Jyrki Pulliainen
<jy...@gmail.com> wrote:
> CouchDB site talks about managing user access on database (Admin,
> read, update), but I can't find any documentation about this feature.
> Can someone pinpoint a page describing the built-in access management?
http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy
You could use Apache as a reverse proxy to your couchdb server. At the
Apache layer, you can then add an authentication scheme. The above
link doesn't have the authentication bits shown, but you can find out
how to do that reading ordinary Apache documentation.
Authorization (i.e. "can user 'a' edit database 'b'?") is a bit more
tricky than simple authentication (i.e. "is this user 'a'?"). Until
this kind of thing gets baked into CouchDB (or someone documents how
they did it!), you'll probably have to roll your own solution.
In my setup, I use Apache to enforce SSL encryption. I then use Django
as my authentication and authorization engine, where I first require
all connections to be authenticated with Basic Auth. Then, Django
allows 'regular' users to only to edit their own databases, and
'admin' users to edit any database.
Alas, I have no page to point to yet that shows you how to do the
Django part. I will say, though, that the hardest bit was making sure
Django properly proxied all the HTTP headers to and from the CouchDB
backend. However, the CouchDB unit tests in Futon were invaluable and
made developing my auth proxy easier.
Cheers,
Jason Huggins
Re: Managing access
Posted by James Marca <jm...@translab.its.uci.edu>.
On Sat, Feb 21, 2009 at 01:28:16PM +0200, Jyrki Pulliainen wrote:
> CouchDB site talks about managing user access on database (Admin,
> read, update), but I can't find any documentation about this feature.
> Can someone pinpoint a page describing the built-in access management?
In addition to the blog post (good source) and the recent dev list
postings (I haven't read them), the first found it was in this post to
the mailing list:
http://www.mail-archive.com/couchdb-dev@incubator.apache.org/msg01070.html
hope that helps,
James
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Re: Managing access
Posted by Domingo Aguilera <do...@gmail.com>.
This screencast can help you also http://www.vimeo.com/2189840
On Sat, Feb 21, 2009 at 5:28 AM, Jyrki Pulliainen <
jyrki.pulliainen@gmail.com> wrote:
> CouchDB site talks about managing user access on database (Admin,
> read, update), but I can't find any documentation about this feature.
> Can someone pinpoint a page describing the built-in access management?
>
> - Jyrki
>
Re: Managing access
Posted by Stefan Karpinski <st...@gmail.com>.
>
> We're currently discussing the exact implementation details of
> authentication and authorization on the developer mailing list. The best
> place to read about the current state of security and validation features is
> probably this blog post: http://jchris.mfdz.com/posts/132
>
> The "Reader Access" functionality described on the site is still under
> development as far as I know, and isn't available in the current source code
> for testing just yet. Administrator access and update validation is
> available though, to the extent described in the blog post above.
>
Nice blog post! Thanks for the link.
Re: Managing access
Posted by Jason Davies <ja...@jasondavies.com>.
Hi Jyrki,
On 21 Feb 2009, at 11:28, Jyrki Pulliainen wrote:
> CouchDB site talks about managing user access on database (Admin,
> read, update), but I can't find any documentation about this feature.
> Can someone pinpoint a page describing the built-in access management?
We're currently discussing the exact implementation details of
authentication and authorization on the developer mailing list. The
best place to read about the current state of security and validation
features is probably this blog post: http://jchris.mfdz.com/posts/132
The "Reader Access" functionality described on the site is still under
development as far as I know, and isn't available in the current
source code for testing just yet. Administrator access and update
validation is available though, to the extent described in the blog
post above.
--
Jason Davies
www.jasondavies.com