Non-Admin User-Authentication at couchDB
I am somewhat on the rope with couchdb. I'd like to expose my database to the internet. So what i learned and whats obvious, is that adminparty is no good idea.
So I am planning to create unprivileged users for each database who are allowed to CRUD documents within a single database. CouchDB will be proxy by an Apache2 over SSL.
What I did so far is that I created the users by creating docs in _users.
A user-doc looks like this:
{
"_id": "org.couchdb.user:xxx",
"_rev": "1-0eb034d6789ff52f8c1a414510983108",
"type": "user",
"name": "xx",
"roles": [
"xxx"
],
"password_sha": "xxx",
"salt": "xxx"
}
The I created a HTML-Form which actually worked for admin-Users already. The HTML-Form posts the credentials to /_session.
<!-- language-all: lang-html -->
<FORM action="http://example.com:5984/_session" method="POST" name="logonForm">
<INPUT type="hidden" name="destination" value="http://excample.com:5984/_session">
<p >Benutzername:<br><INPUT type="text" id="name" name="name" size="28" maxlength="256"></p>
<p >Kennwort:<br><INPUT type="password" autocomplete="off" id="password" name="password" size="28" maxlength="256">
<INPUT type="submit" value="Anmelden" >
</FORM>
A开发者_Python百科s mentioned this already works for admin users but not for regular users in /_users.
Access rights are granted at the database based on the role.
Has anybody any idea what went wrong?
Finally I found the mistake:
It was a wrong gererated (without salt) SHA1 hash :-(
A very good documentation can be found here Security Features Overview
精彩评论