Gabriel

Reputation: 431

CouchDB Storing Credentials on the Client Side

I'm trying to make a mobile application with Cordova, AngularJS, and a PouchDB/CouchDB backend. Right now as a test case, I'm using the initial admin account of CouchDB for all connections. I know CouchDB has options to create a new user with limited capabilities. However, it still seems like a huge security flaw to store the credentials for that user type on the client side.

Are there any alternatives if I don't necessarily want the user to provide the credentials himself and I don't want the credentials to be in plain text in the client JavaScript code?

Upvotes: 2

Views: 423

Answers (1)

nlawson

Reputation: 11620

You definitely should not give admin rights on the client side, but CouchDB allows any new user to just sign up, so why not use that?

Also for the record, I documented just about everything I know about the CouchDB authentication system here; you might find it useful: https://github.com/nolanlawson/pouchdb-authentication/blob/master/README.md#couchdb-authentication-recipes

Upvotes: 3
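
The sign-up route suggested in the answer above, sketched as an added example that is not part of the original post or of pouchdb-authentication: each user registers their own account in CouchDB's `_users` database and then logs in with a session cookie, so no shared credential is embedded in the app. `COUCH_URL`, the function names, and the username and password rules are assumptions.

```javascript
// Added example: self-service sign-up against CouchDB's _users database,
// followed by cookie login, so no shared credential ships in the app bundle.
const COUCH_URL = 'https://couch.example.invalid'; // placeholder server (assumption)

// Build the PUT request that creates a user document. CouchDB hashes the
// "password" field server-side when it saves the document.
function buildSignupRequest(baseUrl, name, password) {
  // Local policy (assumption): conservative usernames, 12+ character passwords.
  if (!/^[a-z0-9][a-z0-9_.-]{2,31}$/.test(name)) {
    throw new Error('invalid username');
  }
  if (typeof password !== 'string' || password.length < 12) {
    throw new Error('password too short');
  }
  const id = 'org.couchdb.user:' + name;
  return {
    url: baseUrl + '/_users/' + encodeURIComponent(id),
    method: 'PUT',
    headers: { 'Content-Type': 'application/json' },
    // roles stays empty: only a server admin may assign roles.
    body: JSON.stringify({ _id: id, name, type: 'user', roles: [], password }),
  };
}

// Build the POST /_session request; the server answers with an AuthSession cookie.
function buildLoginRequest(baseUrl, name, password) {
  return {
    url: baseUrl + '/_session',
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    credentials: 'include', // let the browser/WebView keep the session cookie
    body: JSON.stringify({ name, password }),
  };
}

// Run both steps with the user's own input. fetchImpl is injectable for tests.
async function signUpAndLogin(baseUrl, name, password, fetchImpl = fetch) {
  for (const build of [buildSignupRequest, buildLoginRequest]) {
    const { url, ...init } = build(baseUrl, name, password);
    const res = await fetchImpl(url, init);
    if (!res.ok) throw new Error(init.method + ' ' + url + ' failed: ' + res.status);
  }
  return { name }; // nothing secret is returned or persisted by this code
}
```

Per-user accounts only help if each database's security settings restrict access to the intended users, and the admin account stays on the server.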
