I personally believe that it's a good choice not to focus too much development resources on the authentication/authorization stuff (although 0.11 added a lot of functionality in that area). You actually don't need all that stuff all the time and if you need it, you can add it using a proxy e.g. - UNIX style :) But if you intent to use couch as a public-facing, one might forgive me, "web server" it's lagging that stuff a lot. At least if you don't want to build a fully-open application. And IMHO that's the point. Building apps with couchapp is awesome. It's fun! But it's not a "one fits all" solution. If you need to "hide" stuff, need strong and sort of complex authentication or business logic, etc. ... you probably want to use couchdb as a backend data storage rather than a front-end application server. And I think that's totally fine.
Sometimes I get the impression - and maybe I'm wrong here - that this is not properly communicated to the users. Sebastian On 21.06.2010, at 09:53, Manokaran K wrote: > On Mon, Jun 21, 2010 at 1:11 PM, Sebastian Cohnen < > [email protected]> wrote: > >> what about adding a proxy and deny unauthorized access to restricted urls? >> >> > Thats a work around but it would be nice if these issues can be handled at > couchdb level itself. > > regds, > mano
