On Mon, Mar 25, 2013 at 10:48 AM, Robert Newson <[email protected]> wrote: > I'll quibble a little over the notion that 'middleware' can occur > midway through request processing at the backend but, in general, yes. > My point was to take Jason's suggestion head on and attempt to achieve > consensus on what CouchDB should include versus exclude. > > I should have started a new thread for that rather than immediately > forking this one. To answer the specific 'should we add X?' question > it seemed prudent to ask the general 'what features are appropriate > for couchdb?' question. > > To cover your list, in brief, I'd say vhosting, rewriting, throttling, > ip checking are out and authentication and captcha are in, but that's > just my list. > > This thread should either be renamed if we think the discussion is > about the general, or we should all stay on topic (myself included, of > course) and discuss the rate-limiting and captcha question.
good point. > > I think rate-limiting is out of scope but that captcha is in scope > (because authentication in general is in scope). Is captcha technology > something that evolves quite quickly? Would support today be something > that our new quarterly updates could usefully keep pace with? I personnaly don't see how captcha could be useful there vs a good old authentication. Especially now that's it's harder to brute-force the key password hash due to to the use of pbkdf2 . On the other hand we could improve our oauth support with bearer token and beeing a provider to achieve the same kind of result. - benoƮt
