I spent a lot of time setting up my CouchDB instance so that I could create a small application and let CouchDB manage authentication and authorization for me.
So I ended up with something like this:
First of all, I have a server administrator who is basically a god on my CouchDB instance.
Then I created a database called "mydatabase" (for example) and added the role "mydatabase_dba" as an administrator, as well as the role "mydatabase_user" as a reader.
I also created a database called "_users" that contains all the database administrators and users with their roles, as well as a design document called "_auth" that manages the permissions.
Only the server administrator is an administrator of this database, and I added users with the role "mydatabase_dba" as readers. Then, for those of you who know this, I changed the validate_doc_update function in the _auth design document so that users with the mydatabase_dba role can only deal with users holding the mydatabase_user role.
So, to summarize at this stage:
- Server admin is still god
- users with the role "mydatabase_user" can connect to "mydatabase", but they are just readers
- users with the role "mydatabase_dba" are the administrators of "mydatabase"
- users with the role "mydatabase_dba" can connect to the "_users" database, where they are readers
- users with the role "mydatabase_dba" can manage users with the role "mydatabase_user" in "_users"
Hope this is clear :D
Now I can create an application that will not manage the users itself, but will let users connect directly to CouchDB (transparently).
The problem arises when it comes to creating / updating / deleting users.
Since only users with the role "mydatabase_dba" can access the "_users" database and work with users holding the role "mydatabase_user", at some point I need to connect to CouchDB as such a db administrator.
I have two solutions:
- Create a user interface in my application that allows the administrator to log in and do what he needs to do
or
- Write some other code and let the application do it automatically. This is the solution I prefer, but the problem is that I have to store administrator credentials ...
Sorry for the long introduction, but I had to describe the landscape first :)
Yesterday I created a post on how I can provide a connection between my application and a CouchDB instance: here
I was told to use HTTP over SSL (/TLS) to secure the connection. I'm fine with that, but now I have another problem. Maybe I'm paranoid, but because my application will need to connect as "mydatabase_dba", I have to store its credentials somewhere.
But how do I store them safely? As mentioned in my previous post, even if I store the hashed password instead of the plaintext password, if an attacker gains access to the source code of my application, he will get my administrator credentials ...
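As an added example (not the poster's own code), here is what the validate_doc_update rule described in the post can look like in the _users database: a holder of the "mydatabase_dba" role may create, change or delete only accounts whose sole role is "mydatabase_user", may never promote anyone to another role, and may not touch other dba accounts; server admins (role "_admin") keep full control. The role and database names are the poster's; the function name, the fixtures, and the assumption that an ordinary user may still update their own document (for example to change a password) as long as the roles stay unchanged, which mirrors CouchDB's default _auth design document, are assumptions made for this example.

```javascript
// Added example, not the original poster's code. A validate_doc_update function
// for the _users database implementing the rule described in the post.
// CouchDB calls it as validate_doc_update(newDoc, oldDoc, userCtx, secObj) and
// expects a thrown {forbidden: "..."} object to reject the write.

const DBA_ROLE = "mydatabase_dba";          // role from the post
const MANAGED_ROLES = ["mydatabase_user"];  // the only role a dba may hand out
const USER_ID_PREFIX = "org.couchdb.user:"; // CouchDB's fixed _users _id prefix

// True when every role in the list is one a dba is allowed to manage.
function onlyManagedRoles(roles) {
  return Array.isArray(roles) && roles.every((r) => MANAGED_ROLES.indexOf(r) !== -1);
}

function sameRoles(a, b) {
  return JSON.stringify((a || []).slice().sort()) === JSON.stringify((b || []).slice().sort());
}

function validateUsersDoc(newDoc, oldDoc, userCtx, secObj) {
  // Server administrators are never restricted.
  if (userCtx.roles.indexOf("_admin") !== -1) return;

  const isDba = userCtx.roles.indexOf(DBA_ROLE) !== -1;

  if (!isDba) {
    // Assumption for this example: a plain user may edit only their own
    // document (e.g. change password) and may not alter their roles.
    if (oldDoc && !newDoc._deleted && userCtx.name === oldDoc.name &&
        newDoc.name === oldDoc.name && sameRoles(newDoc.roles, oldDoc.roles)) {
      return;
    }
    throw { forbidden: "Only " + DBA_ROLE + " or a server admin may manage user documents" };
  }

  // A dba may only touch accounts that are already plain "mydatabase_user" accounts,
  // so other dba accounts and the server admin are out of reach.
  if (oldDoc && !onlyManagedRoles(oldDoc.roles)) {
    throw { forbidden: DBA_ROLE + " may not modify accounts outside " + MANAGED_ROLES.join(",") };
  }

  if (newDoc._deleted) {
    if (!oldDoc) throw { forbidden: "Nothing to delete" };
    return; // deleting a managed user is allowed once the old doc passed
  }

  // Shape checks that the default _auth design document also enforces.
  if (newDoc.type !== "user") throw { forbidden: "doc.type must be 'user'" };
  if (typeof newDoc.name !== "string" || newDoc._id !== USER_ID_PREFIX + newDoc.name) {
    throw { forbidden: "_id must be " + USER_ID_PREFIX + "<name>" };
  }

  // The escalation check: a dba may only assign the managed role(s), never its own.
  if (!onlyManagedRoles(newDoc.roles) || newDoc.roles.length === 0) {
    throw { forbidden: DBA_ROLE + " may only assign the roles " + MANAGED_ROLES.join(",") };
  }
}

// Small wrapper so the outcome can be inspected as a string instead of an exception.
function checkUpdate(newDoc, oldDoc, userCtx) {
  try {
    validateUsersDoc(newDoc, oldDoc, userCtx, {});
    return "ok";
  } catch (e) {
    return e.forbidden || e.unauthorized || String(e);
  }
}

// Constructed fixtures for the example (not real accounts).
const adminCtx = { db: "_users", name: "root", roles: ["_admin"] };
const dbaCtx = { db: "_users", name: "dba1", roles: [DBA_ROLE] };
const bobCtx = { db: "_users", name: "bob", roles: ["mydatabase_user"] };

const bobDoc = { _id: USER_ID_PREFIX + "bob", name: "bob", type: "user",
                 roles: ["mydatabase_user"], password: "s3cret" };
const otherDbaDoc = { _id: USER_ID_PREFIX + "dba2", name: "dba2", type: "user",
                      roles: [DBA_ROLE] };

console.log("dba creates bob:", checkUpdate(bobDoc, null, dbaCtx));
console.log("dba promotes bob to dba:", checkUpdate(Object.assign({}, bobDoc, { roles: [DBA_ROLE] }), bobDoc, dbaCtx));
console.log("dba deletes another dba:", checkUpdate({ _id: otherDbaDoc._id, _deleted: true }, otherDbaDoc, dbaCtx));
console.log("bob changes own password:", checkUpdate(Object.assign({}, bobDoc, { password: "new" }), bobDoc, bobCtx));
```

To use it, the function body goes into the validate_doc_update field of _design/_auth in _users; the console.log lines at the bottom only exercise the rule locally and are not part of the design document.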