Creating regular users in CouchDB

后端 未结 3 570
猫巷女王i
猫巷女王i 2020-12-04 09:25

How can I create regular, non-admin users in CouchDB?

相关标签:
3条回答
  • 2020-12-04 10:14

    The CouchDB documentation has a short article about the security features of CouchDB and how to configure a "reader" which is what resembles a user in a relational database.

    0 讨论(0)
  • 2020-12-04 10:24

    First you put the user in _users database. The ID of the document must be org.couchdb.user:username, e.g.

    With CouchDB 1.2.0 or later use this:

    {
        "_id": "org.couchdb.user:dbreader",
        "name": "dbreader",
        "type": "user",
        "roles": [],
        "password": "plaintext_password"
    }
    

    CouchDB will hash & salt the password for you on the server side and save the values in the fields password_sha and salt (see below).

    With CouchDB < 1.2.0 the user document needs to look like this:

    {
        "_id": "org.couchdb.user:dbreader",
        "name": "dbreader",
        "type": "user",
        "roles": [],
        "salt": "54935938852dd34f92c672ab31e397cedaf0946d",
        "password_sha": "42253ea4461a604f967813aaff90b139d7018806"
    }
    

    Note that CouchDB 1.3.0 and later will use PBKDF2 instead of aha & salt for hashing the password.

    Then you can create per database authentication by creating document with id _security in specific database which is not versioned, e.g.

    {
        "admins": {
            "names": ["dbadmin"],
            "roles": ["editor"]
        },
        "readers": {
            "names": ["dbreader"],
            "roles": ["reader"]
        }
    }
    

    This means that there are 2 users in _users besides the admin dbadmin and dbreader. That should do in case you are too lazy to read the document that has already been suggested.

    0 讨论(0)
  • 2020-12-04 10:31

    I think you have to put a web framework in front to do this the way many sites do. Couchdb admin roles do not work on a record by record basis, so if you create a reader who can read the profiles or account table they can read record.

    0 讨论(0)
自定义标题
段落格式
字体
字号
代码语言
提交回复
热议问题