I like the simplicity of the solution you propose. About the security implications: First I thought the design document and thus the business logic of an application would be public but that's not the case if login and business logic reside in separate design documents and only the one containing the login logic is open for anonymous access.
Besides: Redirection to a login app can be easily implemented by a reverse proxy in front of the couch. As there's already the implicit dependency between the two necessary databases you already mentioned for a solution using redirection, the complexity added by the proxy wouldn't count much in my eyes. And if security is important it's likely a proxy is used anyway because it's the simplest way to add better logging, SSL and single sign on via Kerberos.

Hinnerk

On Thu, Oct 14, 2010 at 10:54 PM, Dale Harvey <[email protected]> wrote:
> I don't think a configurable redirect really helps logging into private
> couchapps, you will be logging in to a public couchapp anyway, so I imagine
> it would just be easier "everything" went through the design doc couchapp
> and it just told the client where to make requests, I guess that falls apart
> fairly quickly with show / lists though
>
> I did a quick patch mostly for discussion's sake, it's not a particularly
> clean way to do access control, but it's a fairly simple patch, obviously if
> I can get any consensus would clean up + test etc
>
> http://gist.github.com/627022
>
> On 14 October 2010 07:54, Johannes J. Schmidt <[email protected]> wrote:
>
>> On Wednesday, 13.10.2010, at 15:31 -0700, Tyler Gillies wrote:
>> > On Wed, Oct 13, 2010 at 8:25 AM, Paul Davis <[email protected]> wrote:
>> >
>> > > I wonder if having a white list of design doc URL paths might be the
>> > > middle ground. Instead of redirecting to Futon, the ddoc could list a
>> > > URL to redirect to.
>> > >
>> > > Paul
>> >
>> > I like this idea
>>
>> Me too. I would appreciate a configure option for 403 redirects on a
>> database level.
>> You might consider storing that url inside the _security object instead.
>> Otherwise, if you would have many design documents with such a redirect
>> url specified it is not clear which one to choose.
>>
>> Greetings
>> Johannes
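
The reverse-proxy redirection suggested in the message above, sketched as WSGI middleware. This is an added example, not code from the thread or from CouchDB; the `login` database name, `LOGIN_URL`, the `next` parameter and all function names are assumptions made for illustration.

```python
from urllib.parse import quote

# Hypothetical layout: "login" is the only database readable anonymously.
LOGIN_PREFIX = "/login/"
LOGIN_URL = LOGIN_PREFIX + "_design/login/index.html"

def safe_return_path(path, query=""):
    """Same-origin relative URL to return to after login, or "/" if unsafe."""
    # "//host" and "/\host" are read by browsers as another origin; passing
    # them on would turn the login app into an open redirect.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return "/"
    return path + ("?" + query if query else "")

def login_redirect(status, method, path, query="", accept=""):
    """Location value for the redirect, or None to pass the response through."""
    if status not in (401, 403) or path.startswith(LOGIN_PREFIX):
        return None
    # Redirect browser page loads only; API clients asking for JSON must
    # keep seeing the real status code.
    if method != "GET" or "text/html" not in accept:
        return None
    return LOGIN_URL + "?next=" + quote(safe_return_path(path, query), safe="")

class LoginRedirect:
    """WSGI middleware around any WSGI app that proxies to CouchDB."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        seen = {}
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, headers
        body = list(self.app(environ, capture))  # buffer the upstream response
        location = login_redirect(
            int(seen["status"].split()[0]), environ["REQUEST_METHOD"],
            environ.get("PATH_INFO", ""), environ.get("QUERY_STRING", ""),
            environ.get("HTTP_ACCEPT", ""))
        if location is None:
            start_response(seen["status"], seen["headers"])
            return body
        start_response("302 Found", [("Location", location), ("Content-Length", "0")])
        return [b""]
```

The login app still has to validate `next` itself before following it, since the parameter can be set by anyone who links to the login page.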
