2009/2/21 Jason Huggins <[email protected]>:
> On Sat, Feb 21, 2009 at 5:28 AM, Jyrki Pulliainen
> <[email protected]> wrote:
>> CouchDB site talks about managing user access on database (Admin,
>> read, update), but I can't find any documentation about this feature.
>> Can someone pinpoint a page describing the built-in access management?
>
> http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy
>
> You could use Apache as a reverse proxy to your couchdb server. At the
> Apache layer, you can then add an authentication scheme. The above
> link doesn't have the authentication bits shown, but you can find out
> how to do that reading ordinary Apache documentation.
>
> Authorization (i.e. "can user 'a' edit database 'b'?") is a bit more
> tricky than simple authentication (i.e. "is this user 'a'?"). Until
> this kind of thing gets baked into CouchDB (or someone documents how
> they did it!), you'll probably have to roll your own solution.
>
> In my setup, I use Apache to enforce SSL encryption. I then use Django
> as my authentication and authorization engine, where I first require
> all connections to be authenticated with Basic Auth. Then, Django
> allows 'regular' users to only edit their own databases, and
> 'admin' users to edit any database.
>
> Alas, I have no page to point to yet that shows you how to do the
> Django part. I will say, though, that the hardest bit was making sure
> Django properly proxied all the HTTP headers to and from the CouchDB
> backend. However, the CouchDB unit tests in Futon were invaluable and
> made developing my auth proxy easier.

Thanks for the tip, this approach probably does what I need this time.

- Jyrki
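
An added example, not part of the original thread and not the Django code mentioned in it: a framework-free Python sketch of the decision an auth proxy in front of CouchDB has to make (Basic Auth authentication, then per-database authorization) and of the header filtering done before forwarding. The user table, the database-owner map, the rule that reads are open to any authenticated user, and the stripping of `Authorization` are assumptions made for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import urlsplit

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: user names, passwords and database owners are made up.
USERS = {"alice": (_hash("alice-pw"), "regular"), "root": (_hash("root-pw"), "admin")}
DB_OWNER = {"alice_notes": "alice", "bob_notes": "bob"}
WRITE_METHODS = {"PUT", "POST", "DELETE", "COPY"}
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}

def authenticate(auth_header):
    """Authentication: return the user name for a valid Basic Auth header, else None."""
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    name, sep, password = decoded.partition(":")
    stored = USERS.get(name)
    # Hash even for unknown names so response time does not reveal valid users.
    ok = hmac.compare_digest(_hash(password), stored[0] if stored else _hash(""))
    return name if (sep and stored and ok) else None

def decide(method, path, auth_header):
    """Authorization: return 200 (forward to CouchDB), 401 or 403."""
    user = authenticate(auth_header)
    if user is None:
        return 401
    # Assumption: reads are open to any authenticated user; only edits are restricted.
    if method.upper() not in WRITE_METHODS or USERS[user][1] == "admin":
        return 200
    db = urlsplit(path).path.lstrip("/").split("/", 1)[0]
    # Default deny: unknown databases and server-level paths have no owner.
    return 200 if DB_OWNER.get(db) == user else 403

def forward_headers(headers):
    """Drop hop-by-hop headers, and any named in Connection, before proxying."""
    conn = next((v for k, v in headers.items() if k.lower() == "connection"), "")
    named = {t.strip().lower() for t in conn.split(",") if t.strip()}
    # Assumption: credentials stop at the proxy and are not passed to the backend.
    drop = HOP_BY_HOP | named | {"authorization"}
    return {k: v for k, v in headers.items() if k.lower() not in drop}
```

End-to-end headers such as `ETag` and `Content-Type` pass through untouched, which CouchDB clients rely on for revision handling.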
