On Thu, Dec 31, 2009 at 8:50 PM, Steve Olson <[email protected]> wrote: > Chris, and other interested devs: > > I have become a CouchDB Evangelist for our development group (100+ > developers) and I'll be giving a presentation in January to many decision > makers. > > One of my weaknesses in web development is working with authentication and > that has been one of the main lynch pins in my discussions. > > I would like to write some documentation to help out with the couch effort > of evangelizing how to authenticate and secure a CouchDB installation, maybe > a best practices piece.
Steveo, good docs would help a lot of people. I'd like to encourage you to follow through with this. I plan to document it from a developers standpoint soon. Hopefully that will help you get your bearings and write the kinds of docs end-users would like to see. > > In order to write something like that I have to learn it, and from > experience as a noob I find that learning while writing can work out pretty > well because I don't assume as much knowledge on the part of the reader. > > Is there already some documentation describing how to set up authentication > for couch? Maybe with this group we could come up with a list of > scenarios... You should read http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb/ for some background. The account branch is basically an extension of his work. Have you tried the account branch? If you don't use git, I'll be creating an Apache branch for it. If you've got git, you can start using it easily at the url from this thread. The main thing is a workflow for signup and login, it has some online help, which should be a start. > > 1) Behind an Apache Proxy > 2) Other proxies? > 3) Basic Auth (I've seen some info in your book) > 4) LDAP > > Steveo > > On Thu, Dec 31, 2009 at 7:16 PM, Chris Anderson <[email protected]> wrote: > >> On Thu, Dec 24, 2009 at 8:27 AM, Chris Anderson <[email protected]> wrote: >> > Devs, >> > >> > I'm attempting to make more sense of CouchDB's authentication system. >> > The current system is a proverbial ball of spaghetti. I'm still in the >> > investigation stage of my work, and I'm writing this to clarify my >> > thoughts and solicit feedback. >> > >> >> http://github.com/jchris/couchdb/tree/account >> >> Just a note to say that this branch is nearly done. I'd love some review. >> >> To use it, visit Futon and look in the lower-right corner. >> >> Before merging I still need to remove extra log statements, etc. >> >> Feedback welcome! >> >> Chris >> >> -- >> Chris Anderson >> http://jchrisa.net >> http://couch.io >> > > > > -- > Steveo > Steven Douglas Olson > [email protected] > -- Chris Anderson http://jchrisa.net http://couch.io
