On 25 Jun 2009, at 20:49, Benoit Chesneau wrote:
That sounds good for me except for the anonymous stuff and user-specific data. Why not keeping same roles as other and just specify writer when you want to allow write for guests?
Can you elaborate on the "keeping same roles as other"? I'm open for suggestions :)
About the user-specific data, I'm a little afraid about security. I think the user database should be protected for all users except admins.
Sure, the users database is an admin-only resource.
Sure, the password is hashed/encrypted, but this is just a question of time/number of CPUs that someone could decrypt these passwords. I would prefer them not so easily available. So maybe user profiles & co could be in an optional "profile" db. This is for the case when you expose the database to the public. Maybe it's a little paranoid though.
User-specific data that an app needs should live in documents separate from the docs that contain the hashes. Does that work for you?
Btw, will you use the current erlang oauth module to do that?
I had a look and it provides some of the things we need, but not everything. The license is compatible with us, so I don't see why I shouldn't include the bits that are useful to us.

Cheers
Jan
--
