Hey! Wonder if I could get some advice here. I’ve been working on refactoring the replication feature in Fauxton to POST to the /_replicator database rather than using /_replicate.
Having all replications (continuous/one-offs) logged in one place (the _replicator database) leaves a nice paper trail of replication history. [N.B. I’ve been speaking to Markus Fischboeck, who’s doing work on adding some advanced replication features - we’re working in parallel]. I’ve been able to get replications working, but it requires passing both basic headers in the POSTed JSON content, and the creds in the actual endpoint URL, like so: http://bob:[email protected]:8000/_replicator It’s the latter that particularly worries me. I don’t believe this is secure over http (correct?), and since Fauxton could be run anywhere, I wanted to know if I should stop heading down this road and stick with _replicate. Thanks! Ben
