My hope is to keep it self contained inside Couch. I am already extending the auth to handle custom authentication, so I'm not afraid to get into the code. :)
JS encryption won't work because you can't get access to files getting posted. If I could do that, I certainly would, but my only option there (which I have investigated) is a plugin. I'm not completely tied to the idea of using couch's attachments, but it has a certain simplicity I am in favor of. I did just realize that this is probably more applicable to the dev list than here, though. - Travis Jensen On Apr 12, 2011, at 2:03 PM, Ryan Ramage <[email protected]> wrote: > I think Benoit is talking about a middle layer. Like node.js or an app server. > > If you are doing a thin couchapp style, then yes it's harder. You > could use a javascript encryption lib on the client. > > Although, I could see value of having it handled as a "couch plugin" > to the attachment system. > > > On Tue, Apr 12, 2011 at 1:51 PM, Travis Jensen <[email protected]> > wrote: >> On Apr 12, 2011, at 11:41 AM, Benoit Chesneau <[email protected]> wrote: >> >>> On Tue, Apr 12, 2011 at 7:33 PM, Travis Jensen <[email protected]> >>> wrote: >>>> If I wanted to encrypt all attachments, where would I go about hooking >>>> in to couch? I'm guessing I would have to replace the current >>>> attachment handler, right? >>>> >>>> I haven't started digging on this; I thought it might be useful to get >>>> some feedback first. >>>> >>>> Thanks >>>> >>>> Tj >>>> >>>> - >>>> Travis Jensen >>>> >>> >>> for better security I would encode them at the client level so the >>> server isn't aware of the decryption key or anything. >>> >>> - benoƮt >> >> While I totally agree with you, it isn't really practical for >> web-based applications. >> >> Tj >> >> - >> Travis Jensen >>
