PouchDB Security

What is the best security practice when using PouchDB on the client side to access a remote server?

The example at https://pouchdb.com/getting-started.html syncs with a remote server using this code:

var remoteCouch = 'http://user:pass@mname.example.com/todos';

The problem is that I probably don't want the user to see the plaintext password in a file that they can download, even if this file is shown only to authenticated users.

Please advise. Thanks in advance.

+5
3 answers

Each site user must have their own CouchDB user. As @onno suggests, use HTTPS and user credentials to access CouchDB. Passwords should never be available in client-side JavaScript.

+1

Here's a really good article on all auth stuff for CouchDB.

I have a production server with CouchDB configured to use HTTP through localhost, but external requests require HTTPS redirected via stunnel to CouchDB.

On the client, I use PouchDB to support local, replicated db. As part of a handshake to establish communication with CouchDB via HTTPS, the software acquires CouchDB credentials from another server — credentials are never stored on the client side.

pouchdb-authentication is a good plugin, but I found it better to deal with a personal name.

+1

It depends on your remote server. If you use a CouchDB server, you can configure it to communicate only via SSL (HTTPS); for more details see the docs.

If you do not want to expose your CouchDB server directly to the Internet, you can also hide it behind a reverse proxy server, for example an Apache server with the mod_proxy extension and SSL.

0
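The advice in the answers above, as an added example that is not part of the original thread: `remoteConfig` refuses remote URLs that are not HTTPS or that embed credentials and passes per-user credentials supplied at runtime through PouchDB's `auth` option, while `findEmbeddedCredentials` flags `user:pass@` URLs in source that would be shipped to the browser. Both function names, the sample bundle and the sample credentials are constructed for illustration.

```javascript
// Added example; remoteConfig and findEmbeddedCredentials are hypothetical names.

// Build the arguments for `new PouchDB(url, options)` from a credential-free
// URL plus per-user credentials obtained at runtime (a login form, or the
// separate credential server the second answer describes).
function remoteConfig(remoteUrl, creds) {
  const u = new URL(remoteUrl);
  if (u.protocol !== 'https:') {
    throw new Error('remote must use HTTPS');
  }
  if (u.username || u.password) {
    throw new Error('remote URL must not embed credentials');
  }
  if (!creds || !creds.username || !creds.password) {
    throw new Error('per-user credentials are required at runtime');
  }
  // PouchDB's HTTP adapter accepts { auth: { username, password } }.
  return {
    url: u.href,
    options: { auth: { username: creds.username, password: creds.password } },
  };
}

// Build-time check: report URLs of the form scheme://user:pass@host found in
// source text. The password is matched but deliberately not recorded.
function findEmbeddedCredentials(source) {
  const re = /\bhttps?:\/\/([^\s:@\/'"]+):([^\s@\/'"]+)@([^\s\/'"]+)/g;
  const hits = [];
  let m;
  while ((m = re.exec(source)) !== null) {
    const line = source.slice(0, m.index).split('\n').length;
    hits.push({ line: line, user: m[1], host: m[3] });
  }
  return hits;
}

// Constructed sample: the second line is the pattern from the question.
const SAMPLE_BUNDLE = [
  "var db = new PouchDB('todos');",
  "var remoteCouch = 'http://user:pass@mname.example.com/todos';",
  "var docs = 'https://pouchdb.com/getting-started.html';",
].join('\n');

console.log(findEmbeddedCredentials(SAMPLE_BUNDLE));
```

The returned `url` and `options` are meant to be passed as `new PouchDB(cfg.url, cfg.options)`; run the scanner over the built bundle in CI so a hard-coded credential fails the build.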

Source: https://habr.com/ru/post/1261242/

