PouchDB安全性 [英] PouchDB security

问题描述

在客户端上使用PouchDB访问远程服务器时遵循的最佳安全实践是什么？

What's the best security practice to follow while using PouchDB on the client-side to access a remote server?

https://pouchdb.com/getting-started.html 与远程服务器同步，其代码为：

The example on https://pouchdb.com/getting-started.html syncs with the remote server with the code:

var remoteCouch = 'http://user:pass@mname.example.com/todos';

问题是我可能不希望用户看到带有他们可以使用的文件的纯文本密码下载-即使该文件仅显示给经过身份验证的用户。

The problem is I probably don't want the user to see the plaintext password with a file they can download -- even if that file is shown to the authenticated users only.

请告知。预先感谢

推荐答案

这是关于CouchDB身份验证的所有事情的真不错的文章。

有一个配置了CouchDB的生产服务器，该服务器配置为通过localhost使用HTTP，但是外部请求需要通过 stunnel 将HTTPS重定向到CouchDB。

I've got a production server with CouchDB configured to use HTTP over localhost but external requests require HTTPS redirected via stunnel to CouchDB.

在客户端上，我使用PouchDB维护本地的复制数据库。作为通过HTTPS与CouchDB建立通信的握手过程的一部分，该软件从另一台服务器获取CouchDB凭据-凭据永远不会存储在客户端。

On the client I use PouchDB to maintain a local, replicated db. As part of the handshake to establish communication with CouchDB over HTTPS, the software acquires CouchDB credentials from another server - the credentials are never stored client side.

pouchdb身份验证很好插件，但我发现最好亲自处理auth。

pouchdb-authentication is a good plugin, but I've found it better to handle auth personally.

这篇关于PouchDB安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！