开发者

Non-Admin User-Authentication at couchDB

I am somewhat on the rope with couchdb. I'd like to expose my database to the internet. So what i learned and whats obvious, is that adminparty is no good idea.

So I am planning to create unprivileged users for each database who are allowed to CRUD documents within a single database. CouchDB will be proxy by an Apache2 over SSL.

What I did so far is that I created the users by creating docs in _users.

A user-doc looks like this:

{
   "_id": "org.couchdb.user:xxx",
   "_rev": "1-0eb034d6789ff52f8c1a414510983108",
   "type": "user",
   "name": "xx",
   "roles": [
       "xxx"
   ],
   "password_sha": "xxx",
   "salt": "xxx"
}

The I created a HTML-Form which actually worked for admin-Users already. The HTML-Form posts the credentials to /_session.

<!-- language-all: lang-html -->
<FORM action="http://example.com:5984/_session" method="POST" name="logonForm">
<INPUT type="hidden" name="destination" value="http://excample.com:5984/_session">
<p >Benutzername:<br><INPUT type="text" id="name" name="name" size="28" maxlength="256"></p>
<p >Kennwort:<br><INPUT type="password" autocomplete="off" id="password" name="password" size="28" maxlength="256">&nbsp;&nbsp;
<INPUT type="submit" value="Anmelden" >
</FORM>

A开发者_Python百科s mentioned this already works for admin users but not for regular users in /_users.

Access rights are granted at the database based on the role.

Has anybody any idea what went wrong?


Finally I found the mistake:

It was a wrong gererated (without salt) SHA1 hash :-(

A very good documentation can be found here Security Features Overview

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜