Closed svnlto closed 11 years ago
I originally thought we should do this, but now I disagree. The _users
database is designed for CouchDB users and as such gives certain permissions on the database itself to each user we create. While we would lock down the port to only be accessible locally, this still seems like an unnecessary security hole.
It also doesn't gain us much in terms of ease of use. We'd have to proxy requests between the client and the database in order to do authentication which is just as messy as doing authentication ourselves.
+1
Currently, all users are being stored in the 'bower-registry' database. I'd like to stick to CouchDB's convention of storing users in '_users'.
The registry currently doesn't support multiple DB's right now which is something we should add.