On 02.03.2011 08:17, Mark Hahn wrote:
If you don't mind, can you explain your idea in a bit more detail?  I
need ideas.

i guess my thought would need digging into erlang and writing another "authentication handler", but i don't know where they are documented.

i wanted to say, with that new authentication handler you could add another cookie_passwd_sha1 field to your _users documents which is basically the cookie you provided to the user earlier, just also hashed.

but can't increasing the couch_httpd_auth:timeout config option help you?

I appreciate the reference to the wiki page but it sure is a mess.  I
couldn't make heads nor tails out of it.  Is there a page that spells
out what auth handlers are provided and how they function?

it's probably hidden therein like [2].

sorry if it doesn't make sense nor help you, i got nothing more to say, was just a quick shot.

have fun
martin

[2]: http://wiki.apache.org/couchdb/Security_Features_Overview


On Tue, Mar 1, 2011 at 11:02 PM, Martin Hilbig <[email protected]> wrote:
just a quick idea: how about an auth handler[1] which uses the cookie as
second passwd and creates a new one afterwards?

have fun
martin

[1]: http://wiki.apache.org/couchdb/Authentication_and_Authorization

On 02.03.2011 06:51, Mark Hahn wrote:

I would like to have the features of the cookie authorization built
into couchdb with the _users table, but allow the user to stay logged
in even after their browser is closed or the db is restarted.

I could store the sha hash in a cookie and check it against their doc
from _users, but after I've done that, how do I get them logged into
couchdb with a token?  The only way I can figure out how to do this is
to store the user's password in the clear which defeats the whole
point of storing the sha hashed password.  Is there any way to log in
a user to couchdb without using the clear password?
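
The idea discussed in this thread (a cookie that acts as a second password, stored only as a hash in the `_users` document and replaced after each use), as an added example that is not part of the original messages and is not CouchDB code. Assumptions: a Python dict stands in for the `_users` database, the function names are hypothetical, and the field is named `cookie_passwd_sha256` because SHA-256 is used here in place of the SHA-1 in the field name suggested above.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the _users database; a real auth handler would
# read and update the user document through CouchDB instead of this dict.
USERS = {"org.couchdb.user:mark": {"name": "mark", "roles": []}}

FIELD = "cookie_passwd_sha256"  # hypothetical field name


def _digest(token: str) -> str:
    """Hash of the cookie value; only this ever reaches the user document."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(doc_id: str) -> str:
    """Create a random cookie value and store its hash in the user doc."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    USERS[doc_id][FIELD] = _digest(token)
    return token  # goes to the browser as a long-lived cookie


def login_with_token(doc_id: str, presented: str):
    """Return a fresh token if the presented cookie matches, else None.

    No clear-text password is involved: the server compares hashes, and a
    successful login overwrites the stored hash, so each cookie value is
    accepted exactly once.
    """
    doc = USERS.get(doc_id)
    stored = doc.get(FIELD) if doc else None
    if not stored:
        return None
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(stored, _digest(presented)):
        return None
    return issue_token(doc_id)  # rotate: the old cookie value is now dead


if __name__ == "__main__":
    doc_id = "org.couchdb.user:mark"
    first = issue_token(doc_id)
    second = login_with_token(doc_id, first)
    print("login with first cookie:", second is not None)
    print("replay of first cookie:", login_with_token(doc_id, first))
```
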




