

Secure Cookie Auth with CouchDB - jdp
http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb/

======
tptacek
This is the first implementation of SRP I've ever seen that remembered on the
first try to check (A%n)!=0 instead of A!=0, so I give him props for
diligence.

But SRP is totally irrelevant in a browser context, because any technique you
can use to safely deliver SRP code to the browser can be used just as easily
to safely exchange passwords directly. SRP will be relevant when browsers bake
it in.

~~~
jasondavies
Thanks!

> But SRP is totally irrelevant in a browser context, because any technique
> you can use to safely deliver SRP code to the browser can be used just as
> easily to safely exchange passwords directly. SRP will be relevant when
> browsers bake it in.

If you read the conclusion, this is why I ripped out the SRP stuff :-) Can't
wait for TLS-SRP to hit the browsers.

------
coconutrandom
CouchDB is pretty awesome.

But, all this article said is: "Hey we have a great Idea and it Works.
[mumbles]For sufficiently small values of works."

