Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pouchdb-adapter-http to support session authentication instead of basic authentication #8935

Open
dianabarsan opened this issue Apr 18, 2024 · 1 comment
Open

Update pouchdb-adapter-http to support session authentication instead of basic authentication #8935

dianabarsan opened this issue Apr 18, 2024 · 1 comment

Comments

@dianabarsan
Copy link
Contributor

Issue

Best practices for hashing passwords is to use the highest number of iterations possible. In CouchDb, the recommended number of iterations is 10000, with this disclaimer:

A higher number provides better hash durability, but comes at a cost in performance for each request that requires authentication. When using hundreds of thousands of iterations, use session cookies, or the performance hit will be huge.
Source

pouchdb-adapter-http uses basic authentication exclusively.

I'm proposing to update pouchdb-adapter-http so that it supports using session authentication, along with basic authentication.
@dianabarsan
Copy link
Contributor Author

I've already developed a plugin that wraps pouchdb-adapter-http to add a call to _session and/or append the resulting AuthSession cookie header for outgoing requests: https://github.com/medic/pouchdb-session-authentication

I'm keen to work to include similar logic into the adapter directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dianabarsan