couchdb通过重写进行公共接口身份验证
我在特定域上设置了一个网站,该网站通过重写和虚拟主机与我的 couchdb url 完全分离,并且我已经到了需要使用 _sessions API 添加一些用户身份验证的地步,但恐怕我做不到它与重写:
{
"from": "auth",
"to": "../../../_session"
}
给我:
{"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
这是可以接受的,但现在我想知道如何在不暴露 couchdb url 的情况下从我的域进行会话身份验证,而且,会话似乎与域相关,所以如果我登录通过couchdb.example.com 使用 mywebsite.com 作为公共接口时将无法工作?
谢谢
PS。我刚刚发现这篇文章,其中有一个替代方案,可以在 httpd 配置文件上禁用 secure_rewrites
,这似乎工作,不过,我想知道这可能不是一个好方法,是否还有其他方法适合此类问题。
I have a website set on a specific domain which is completely separated from my couchdb url through rewrites and virtual hosts, and I got to a point where I need to add some user authentication using _sessions API but I'm afraid I can't do it with rewrites:
{
"from": "auth",
"to": "../../../_session"
}
gives me:
{"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
which is acceptable, but now I'm wondering how would I get the session authentication to work from my domain without exposing couchdb url, and also, the session seems to be related to the domain so if I login through couchdb.example.com it won't work when using mywebsite.com as the public interface?
Thanks
PS. I've just found this post where there's an alternative by disabling secure_rewrites
on the httpd config file, which seems to work, although, I was wondering that perhaps might be not a good approach and if is there something else which is ideal for this kind of problem.
我建议设置
secure_rewrites=false
并且不用担心。我们在 Iris Couch 论坛中就 CouchDB 重写和安全性进行了精彩的讨论。另请参阅我稍后关于使用 Audit CouchDB 的文章。以下是要点:
secure_rewrites
选项并不是数据安全的最终来源。充其量,它只是多层解决方案中的一层。_security
对象。因此,这就是您应该集中注意力的地方I recommend to set
secure_rewrites=false
and don't worry about it.We had a great discussion about CouchDB rewrites and security in the Iris Couch forum. Also see my post later about using Audit CouchDB. These are the highlights:
secure_rewrites
option is not the ultimate source of security for your data. At best, it is one layer in a multi-layer solution_security
object in the database. So that is where you should focus your attention