Creating regular users in CouchDB

小开

The CouchDB documentation has a short article about the security features of CouchDB, and it includes a section on how to create a new user.

小开

I think you have to put a web framework in front to do this the way many sites do. Couchdb admin roles do not work on a record by record basis, so if you create a reader who can read the profiles or account table they can read record.

小开

First you put the user in _users database. The ID of the document must be org.couchdb.user:username, e.g.

With CouchDB 1.2.0 or later use this:

{
"_id": "org.couchdb.user:dbreader",
"name": "dbreader",
"type": "user",
"roles": [],
"password": "plaintext_password"
}

CouchDB will hash & salt the password for you on the server side and save the values in the fields password_sha and salt (see below).

With CouchDB < 1.2.0 the user document needs to look like this:

{
"_id": "org.couchdb.user:dbreader",
"name": "dbreader",
"type": "user",
"roles": [],
"salt": "54935938852dd34f92c672ab31e397cedaf0946d",
"password_sha": "42253ea4461a604f967813aaff90b139d7018806"
}

Note that CouchDB 1.3.0 and later will use PBKDF2 instead of aha & salt for hashing the password.

Then you can create per database authentication by creating document with id _security in specific database which is not versioned, e.g.

{
"admins": {
"names": ["dbadmin"],
"roles": ["editor"]
},
"readers": {
"names": ["dbreader"],
"roles": ["reader"]
}
}

This means that there are 2 users in _users besides the admin dbadmin and dbreader. That should do in case you are too lazy to read the document that has already been suggested.