Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
382 views
in Technique[技术] by (71.8m points)

couchdb - PouchDB security

What's the best security practice to follow while using PouchDB on the client-side to access a remote server?

The example on https://pouchdb.com/getting-started.html syncs with the remote server with the code:

var remoteCouch = 'http://user:[email protected]/todos';

The problem is I probably don't want the user to see the plaintext password with a file they can download -- even if that file is shown to the authenticated users only.

Please advise. Thanks in advance,

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Here's a really good article regarding all things auth for CouchDB.

I've got a production server with CouchDB configured to use HTTP over localhost but external requests require HTTPS redirected via stunnel to CouchDB.

On the client I use PouchDB to maintain a local, replicated db. As part of the handshake to establish communication with CouchDB over HTTPS, the software acquires CouchDB credentials from another server - the credentials are never stored client side.

pouchdb-authentication is a good plugin, but I've found it better to handle auth personally.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...