On Sat, Feb 21, 2009 at 5:28 AM, Jyrki Pulliainen <[email protected]> wrote:
> CouchDB site talks about managing user access on database (Admin,
> read, update), but I can't find any documentation about this feature.
> Can someone pinpoint a page describing the built-in access management?

http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy

You could use Apache as a reverse proxy to your CouchDB server. At the Apache layer, you can then add an authentication scheme. The above link doesn't have the authentication bits shown, but you can find out how to do that reading ordinary Apache documentation.

Authorization (i.e. "can user 'a' edit database 'b'?") is a bit more tricky than simple authentication (i.e. "is this user 'a'?"). Until this kind of thing gets baked into CouchDB (or someone documents how they did it!), you'll probably have to roll your own solution.

In my setup, I use Apache to enforce SSL encryption. I then use Django as my authentication and authorization engine, where I first require all connections to be authenticated with Basic Auth. Then, Django allows 'regular' users to only edit their own databases, and 'admin' users to edit any database.

Alas, I have no page to point to yet that shows you how to do the Django part. I will say, though, that the hardest bit was making sure Django properly proxied all the HTTP headers to and from the CouchDB backend. However, the CouchDB unit tests in Futon were invaluable and made developing my auth proxy easier.

Cheers,
Jason Huggins
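
The authorization decision and header relaying described in the reply above, as an added example in framework-free Python; it is not part of the original message and is not the poster's Django code. The accounts, the `<username>-` database naming convention, and the rule that any authenticated user may read are assumptions.

```python
import base64
import hmac
from urllib.parse import unquote

# Constructed sample accounts; a real proxy would use Django's user store.
USERS = {"alice": {"password": "alice-pw", "admin": False},
         "root": {"password": "root-pw", "admin": True}}
READ_METHODS = {"GET", "HEAD"}
# Hop-by-hop headers (RFC 7230, section 6.1) are never relayed by a proxy.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailer",
              "transfer-encoding", "upgrade"}

def authenticate(auth_header):
    """Return the username for a valid Basic Auth header, else None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    account = USERS.get(user)
    if not sep or account is None:
        return None
    same = hmac.compare_digest(password.encode(), account["password"].encode())
    return user if same else None

def decide(method, path, auth_header):
    """Return the status the proxy answers with; 200 means forward."""
    user = authenticate(auth_header)
    if user is None:
        return 401
    segments = unquote(path.split("?", 1)[0]).strip("/").split("/")
    if ".." in segments:
        return 403  # refuse paths that could be renormalised downstream
    if USERS[user]["admin"] or method.upper() in READ_METHODS:
        return 200
    # Assumed ownership convention: "<username>-<name>", usernames without "-".
    return 200 if segments[0].startswith(user + "-") else 403

def forward_headers(headers):
    """Drop hop-by-hop headers and any header named in Connection."""
    lowered = {k.lower(): v for k, v in headers.items()}
    named = {t.strip().lower() for t in lowered.get("connection", "").split(",")}
    return {k: v for k, v in headers.items()
            if k.lower() not in HOP_BY_HOP | named}
```

Because the check is method-based, CouchDB reads that use POST are treated as writes and denied on other users' databases, so the policy fails closed.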
