On 10.05.2008, at 17:53, Damien Katz wrote:

On May 10, 2008, at 11:35 AM, Christopher Lenz wrote:

As far as I know, the proxy will keep the auth info to itself, and
the request will look like a standard anonymous request to CouchDB.

I *think* if we don't implement authentication, we can not
implement authorization/security for document validation.

Well, I don't know the details of authenticating proxies, but if the
user provides credentials in the HTTP header, and the proxy server
validates it and passes it on, then CouchDB would just use the same
credentials with the assumption they are authenticated because the
HTTP server validated it. But maybe this isn't possible for reasons
I don't know about.

I made a test with Apache/mod_proxy with Digest auth, and it does seem
to pass through the auth credentials (username, realm, etc) via the
Authorization header. So this should hopefully work in general, sorry
for the noise :P

Cheers,
--
Christopher Lenz
cmlenz at gmx.de
http://www.cmlenz.net/
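
The pass-through discussed in the message above, as an added example that is not part of the original post or of CouchDB: a backend reads the username and realm from a forwarded Digest `Authorization` header and assumes they are authenticated only when the connection comes from the proxy that validated them. The names `TRUSTED_PROXIES`, `parse_digest` and `forwarded_user`, the proxy address and the sample header are assumptions made for illustration.

```python
import re

# Assumption: address of the authenticating proxy, the only peer whose
# forwarded credentials the backend accepts (constructed value).
TRUSTED_PROXIES = {"127.0.0.1"}

# key=value pairs of a Digest header; values are quoted strings or bare tokens.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_digest(header):
    """Return the Digest parameters of an Authorization header, or None."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest" or not rest:
        return None
    params = {}
    for key, quoted, token in _PARAM.findall(rest):
        # Unescape quoted-pair sequences (\" and \\) in quoted strings.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted else token
        params[key.lower()] = value
    return params


def forwarded_user(peer_addr, headers):
    """Identity the backend may assume, given who connected and what was sent.

    The backend does not re-verify the digest response; it relies on the
    proxy having done so, which only holds when the peer is that proxy.
    """
    if peer_addr not in TRUSTED_PROXIES:
        return None  # a direct client could put any username in the header
    params = parse_digest(headers.get("Authorization", ""))
    if not params or "username" not in params or "realm" not in params:
        return None
    return params["username"], params["realm"]


# Constructed sample of a Digest Authorization header as passed through.
SAMPLE = ('Digest username="alice", realm="couchdb", nonce="abc123", '
          'uri="/db/doc", qop=auth, nc=00000001, cnonce="xyz", '
          'response="0123456789abcdef0123456789abcdef"')

if __name__ == "__main__":
    print(forwarded_user("127.0.0.1", {"Authorization": SAMPLE}))
    print(forwarded_user("203.0.113.9", {"Authorization": SAMPLE}))
```

The peer-address check is what makes the "already validated" assumption safe: the same header sent directly to the backend, bypassing the proxy, yields no identity.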