On Feb 11, 2014, at 2:38 PM, Matt Ingenthron <[email protected]> wrote:
> Just because CouchDB does it, doesn't mean it's correct. Specifically, it's including the password (not just the username) that's deprecated. However, I can't think of a better way in the REST API to provide the password. It could go into a separate parameter in the JSON settings, but that's just as insecure. (Actually in PhoneGap it isn't very insecure because that request never goes outside the app process.) > I'm saying that something in between may be listening to 1998 URIs instead of > 1994 URIs, stripping off the :password and sticking it in an authorization > header for HTTP Basic auth. That's exactly what the Couchbase Lite (and CouchDB) replicator do. If the destination URL contains a username or password, it strips it out and uses it for basic auth. --Jens -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/62CF5AC1-E3F7-4D86-8D95-55A075F16846%40couchbase.com. For more options, visit https://groups.google.com/groups/opt_out.
