realulim commented on issue #844: Add new explicit authentication-tokens that can be revoked
URL: https://github.com/apache/couchdb/issues/844#issuecomment-478629767

Logging out with password is a non-starter for user-facing applications. This will lead to applications keeping the user's password in memory (or worse, local storage) after login and then re-using it for logout.

@janl I haven't advocated changing any existing API or semantics. I have actually said that the current scheme is necessary and expected behavior for non-interactive applications. My argument is that interactive applications (where users log in and out manually) need a different approach to security and thus a new API. This new API could be designed in a way that logout means logged out until reauthenticated.

For a reality check (which we all need at times), are there any well-known interactive applications out there that use CouchDB and expose its authentication scheme to the user? If yes, then it would be interesting to get their take on this issue. Maybe I'm the only developer using CouchDB in that way and/or overly paranoid.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: [email protected]

With regards,
Apache Git Services
