Session and security in CouchApp/CouchDB?

I'm new to CouchApp and CouchDB and have some questions.

  1. How can I make sessions in CouchApp from my own database (not _users)?
  2. How would I retrieve that session?
  3. How can I parse data from a document?

I can do it with a view, but when someone calls my view url and gets the id, he can get all data like passwords (I'm trying to use my own database to store login information).

In my database I have a document like this:

{  
   "_id": "...",  
   "_rev": "...",  
   "XDocType": "user",  
   "name": "Administrator",  
   "password": "1234",  
   "username": "admin"
}

I want to make a simple login/register/logout with sessions, not cookies.

Peculium answered 1/3, 2011 at 3:46 Comment(0)

A session is less important with a Couch app because the whole application runs in the client (browser). CouchDB only does the following:

  • Authentication (user can connect with a password, or get a cookie to identify later)
  • Authorization (CouchDB will allow or disallow reading or writing data, depending on the user's name and roles, and the database _security object and validate_doc_update functions)

You can change the default database for user accounts (instead of _users); however, you must always have a users database. You can set the _security of the database so that anonymous users cannot access it. (However, new users cannot easily sign up, so it is a trade-off.)

Jan has an excellent post about CouchDB security.

Blackthorn answered 1/3, 2011 at 10:9 Comment(3)
So, at least I should have 2 databases in a single web, shouldn't I? .. Thanks for the URL. - Peculium
Yes, even one database per user (plus one database for public stuff) is a very reasonable Couch app. Multiple databases are no problem. - Blackthorn
@Blackthorn -- will Couch support millions of databases for millions of users? - Bevatron
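
An added example (not part of the original answer, and not CouchDB's own code) of the two authorization pieces the answer names: a database _security object and a validate_doc_update function. The role names, the "owner" field and the tryWrite helper are assumptions made for illustration.

```javascript
// _security object for the application database (PUT /<db>/_security).
// Role names are assumptions. With members set, anonymous reads are refused.
var security = {
  admins:  { names: [], roles: ["app_admin"] },
  members: { names: [], roles: ["app_user"] }
};

// validate_doc_update from a design document; CouchDB calls it on every
// write to the database. The "owner" field is an assumption of this example.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  if (!userCtx.name) {
    throw { unauthorized: "Log in before writing." };
  }
  // Credentials belong in the users database, never in application documents.
  if (newDoc.password !== undefined) {
    throw { forbidden: "Do not store passwords in this database." };
  }
  // An empty _security object has no admins key, so default to no roles.
  var adminRoles = (secObj.admins && secObj.admins.roles) || [];
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1 ||
    adminRoles.some(function (role) {
      return userCtx.roles.indexOf(role) !== -1;
    });
  if (isAdmin) { return; }
  // Existing documents may only be changed or deleted by their owner.
  if (oldDoc && oldDoc.owner !== userCtx.name) {
    throw { forbidden: "Only the owner may change this document." };
  }
  // New revisions must stay owned by the writer (deletions carry no owner).
  if (!newDoc._deleted && newDoc.owner !== userCtx.name) {
    throw { forbidden: "owner must be your own user name." };
  }
}

// Local stand-in for CouchDB's write path so the rules can be checked offline.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx, security);
    return "ok";
  } catch (e) {
    return e.unauthorized ? "unauthorized" : e.forbidden ? "forbidden" : "error";
  }
}
```

In a real deployment the function body is stored as a string under the validate_doc_update key of a design document, and the _security object is written to the database's _security endpoint by an administrator.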
