Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
385 views
in Technique[技术] by (71.8m points)

couchdb - PouchDB security

What's the best security practice to follow while using PouchDB on the client-side to access a remote server?

The example on https://pouchdb.com/getting-started.html syncs with the remote server with the code:

var remoteCouch = 'http://user:pass@mname.example.com/todos';

The problem is I probably don't want the user to see the plaintext password with a file they can download -- even if that file is shown to the authenticated users only.

Please advise. Thanks in advance,

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Here's a really good article regarding all things auth for CouchDB.

I've got a production server with CouchDB configured to use HTTP over localhost but external requests require HTTPS redirected via stunnel to CouchDB.

On the client I use PouchDB to maintain a local, replicated db. As part of the handshake to establish communication with CouchDB over HTTPS, the software acquires CouchDB credentials from another server - the credentials are never stored client side.

pouchdb-authentication is a good plugin, but I've found it better to handle auth personally.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...