On Feb 8, 2013, at 2:17 AM, svilen <[email protected]> wrote: > i'm trying to replicate a per-user database to/from touchdb on mobile device
What mobile platform? > The only thing working on both android and ios seems to be > the remote target/source url to contain user+pasw inside like > http://user:passw@remote:5984/dbname > which means user/psw will stay in the replicator database.. > and/or require user to login each time, or store them elsewhere too. > which isn't good for usability/security. The Android version of TouchDB is still is a pretty immature state, particularly the replicator, so your above statement may well be true there. On iOS you don’t have to hardcode the password; you can use the OS’s secure credential store to hold it, either temporarily or persistently. This is described on the wiki: https://github.com/couchbase/couchbase-lite-ios/wiki/Authentication > so i wanted to do cookie-based /_session authentication, but i don't see > where to put the cookie (eventually obtained by manualy POSTing on > server/_session). This isn’t any different, from the app’s perspective; you still have to provide a username and password somehow, they’re just sent to the server slightly differently. Recent builds of TouchDB (now aka Couchbase Lite) include support for the new BrowserID protocol, which is a single-sign-on system similar to OpenID that lets users log in with any working email address. Of course the server needs to support it too; IrisCouch’s servers already do, and they have a plugin for CouchDB on GitHub that you can add if you run your own server. There’s also OAuth, which TouchDB also supports. OAuth is an ugly mess IMHO and I would avoid it unless you’re really eager to provide logins via Facebook accounts. BTW, the mobile-couchbase list is the best place to discuss TouchDB/Couchbase Lite specific issues: https://groups.google.com/forum/?fromgroups#!forum/mobile-couchbase —Jens
