Nolan Lawson created COUCHDB-2191:
-------------------------------------
Summary: Please consider including couchperuser in core
Key: COUCHDB-2191
URL: https://issues.apache.org/jira/browse/COUCHDB-2191
Project: CouchDB
Issue Type: Improvement
Security Level: public (Regular issues)
Reporter: Nolan Lawson
I would love to be able to use CouchDB as the exclusive backend for all my
webapps. The {{_users}} database with the automatic password salting/hashing
and session cookies is brilliant, and saves a lot of developer effort while
still ensuring I don't shoot myself in the foot trying to implement password
security.
However, without creating a database per user, it's impossible to silo user
data in any way other than through {{validate_doc_update}} - i.e. every user
can see everybody else's data, but they can only write to theirs. This use
case does exist (e.g. Twitter), but it's much less common than the case where
users can only read/write their own data.
The plugin ecosystem is great and all, and I totally understand not wanting to
include the kitchen sink in Couch core, but I strongly feel
[couchperuser|https://github.com/etrepum/couchperuser] (or something like it)
should be a checkbox I can tick in the Couch config, rather than a plugin I
have to install manually. It's just too common of a use case in typical
webapps.
Some background: this was prompted by a [discussion in
PouchDB|https://github.com/daleharvey/pouchdb/issues/1575]; Dale has written a
fine solution in [couch-persona|https://github.com/daleharvey/couch-persona],
but I really think the "why Pouch/Couch?" story would be more compelling if you
could do it in pure Couch without an extra server process.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
