CouchDB Proxy Authentication security - user roles confusion


On user auth success, the auth server generates a token and passes it to the client.

The docs say the client has to add the following headers:

x-auth-couchdb-username: username;
x-auth-couchdb-roles: comma-separated (,) list of user roles;
x-auth-couchdb-token: authentication token.

Does this mean the client defines its own roles on every request? Why can't it add 'admin' to the list of roles then?

A client uses or requests resources from a server.

"The client" in this case is the proxy/auth server, not the web browser. (The documentation could stand to be clarified a bit.)

So yes, the proxy/auth server, as the client of CouchDB, should set the header as appropriate.

By extension, it should not pass through x-auth-couch headers received from its client (presumably a web browser).
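
The header handling described in the answer, as an added example that is not part of the original post or of CouchDB's own code: the proxy drops any `X-Auth-CouchDB-*` header the browser sent and sets its own from its user store. The function names are hypothetical, the sample request is constructed, and the token derivation assumes CouchDB runs with `proxy_use_secret` enabled and its default HMAC-SHA1 token.

```python
import hashlib
import hmac

PREFIX = "x-auth-couchdb-"  # HTTP header names are case-insensitive


def couchdb_token(username: str, secret: bytes) -> str:
    # Assumption: default CouchDB proxy token, i.e. the hex HMAC-SHA1 of the
    # username keyed with the secret shared between proxy and CouchDB.
    return hmac.new(secret, username.encode("utf-8"), hashlib.sha1).hexdigest()


def headers_for_couchdb(incoming: dict, username: str, roles: list, secret: bytes) -> dict:
    """Build the headers the proxy forwards to CouchDB (hypothetical helper).

    `incoming` is what the browser sent. `username` and `roles` come from the
    proxy's own session and user store, never from the request.
    """
    # 1. Drop every X-Auth-CouchDB-* header supplied by the browser.
    out = {k: v for k, v in incoming.items() if not k.lower().startswith(PREFIX)}

    # 2. Refuse values that would change meaning once serialized: a comma in a
    #    role splits into extra roles, CR/LF would start a new header line.
    for value in [username, *roles]:
        if not value or any(c in value for c in ",\r\n"):
            raise ValueError(f"unsafe username or role: {value!r}")

    # 3. Set the three headers from trusted data only.
    out["X-Auth-CouchDB-UserName"] = username
    out["X-Auth-CouchDB-Roles"] = ",".join(roles)
    out["X-Auth-CouchDB-Token"] = couchdb_token(username, secret)
    return out


if __name__ == "__main__":
    # Constructed request: the browser tries to grant itself an admin role.
    browser_headers = {
        "Accept": "application/json",
        "x-auth-couchdb-username": "root",
        "X-Auth-CouchDB-Roles": "_admin",
    }
    forwarded = headers_for_couchdb(
        browser_headers, "alice", ["reader"], b"constructed-shared-secret"
    )
    for name, value in forwarded.items():
        print(f"{name}: {value}")
```

The token covers only the username, so the roles header is trusted purely because it arrives from the proxy; CouchDB should accept connections only from that proxy.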

