top | item 4610154

(no title)

le_isms | 13 years ago

Very cool, considering I've used Cloudant extensively with a Node server and backbone in the past. It's nice to see something that can talk directly with the DB. Though, could someone explain how I would implement permissions and security using this direct-to-Cloudant approach?

discuss

mlmilleratmit|13 years ago

The answer to that question definitely depends on the application. The Cloudant data model allows for read, write, and admin roles to be assigned to both users in the cloudant.com domain as well as generated API keys. For data consumption (e.g. read-only), it's straightforward to map those roles onto the application. For data creation, it of course becomes trickier. Approaches range from generating an API key per user to generating a cloudant.com account per user. However, you've highlighted the key question that is at the heart of all two-tier application stacks, from 'couch apps' to meteor.js, firebase, etc.

drsm79|13 years ago

In addition to what Mike has said about how you set up auth currently the library will use basic auth with the browser dialog. There's a todo in the code to make this a load nicer, and I'd like to get that in the next release.