Thank you for this comment sir, you just saved me some days of coding a Python/Flask middleware application I was going to build to handle connections between an in-house browser application and Redis, very cool indeed.
Yeah, what would be really nice would be a light framework around this which automatically handles authentication by hashing the username and password on the client to a cookie and then just sends that cookie as an auth key with each request to map to the relevant data.
There'd be no practical way of reproducing someone else's auth key without knowing their username and password, so this setup would be basically secure as long as the application is designed in such a way that either client-side Redis requests are read-only or that it isn't dangerous for any user to have write access to their own data.
Well, my idea was to use the hash as a way to actually find the data, but I'm sure there's a way to make it work with a session key too.
It looks like Webdis has support for basic access control, but I'm not 100% clear on how well it would work for securely throwing database logic into the client: http://webd.is/#acl
I haven't tested Webdis, but since HTTPDB has a publicly available version for testing, I decided to play around with it, and here's one way my auth key idea could be made to work pretty simply:
The main danger here is that it doesn't look like there's any sort of protection against malicious users filling the database with junk data to run up your GAE quota, or potentially overwriting non-private values and messing up random parts of the application.
Also, I just noticed that the last commit was two years ago, so I'll look around to see if something similar but more secure is out there.
http://webd.is/
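The auth-key idea discussed in the comments above, as an added example that is not part of the original thread and is not Webdis or HTTPDB code. It assumes a salted PBKDF2 derivation in place of a plain hash, a `user:<authKey>:` key prefix, a `public:` prefix for shared values, and a small gate in front of the store; all function names, prefixes and credentials are hypothetical.

```javascript
// Added illustration; every name here is hypothetical, not a Webdis or HTTPDB API.
const crypto = require('crypto');

const ITERATIONS = 100000; // assumed work factor for this example

// Derive the auth key from the credentials. A slow, salted KDF (PBKDF2 here)
// makes guessing a password from a leaked key far costlier than one plain hash.
function deriveAuthKey(username, password) {
  const salt = 'example-app:' + username.toLowerCase(); // per-user, app-scoped
  return crypto
    .pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256')
    .toString('hex');
}

// Every key a user owns lives under a prefix built from their auth key,
// so the auth key is also what locates the data.
function userKey(authKey, field) {
  if (!/^[a-z0-9_]+$/.test(field)) throw new Error('invalid field name');
  return 'user:' + authKey + ':' + field;
}

// Gate in front of the store: writes only under the caller's own prefix,
// reads under that prefix or under the shared "public:" prefix.
function isAllowed(authKey, command, key) {
  if (!/^[0-9a-f]{64}$/.test(authKey)) return false;
  const own = key.startsWith('user:' + authKey + ':');
  if (command === 'GET') return own || key.startsWith('public:');
  if (command === 'SET') return own;
  return false; // every other command (DEL, KEYS, FLUSHALL, ...) is refused
}

// Constructed sample credentials, for demonstration only.
const alice = deriveAuthKey('alice', 'correct horse battery staple');
const mallory = deriveAuthKey('mallory', 'hunter2');

console.log(isAllowed(alice, 'SET', userKey(alice, 'profile')));   // own data
console.log(isAllowed(mallory, 'SET', userKey(alice, 'profile'))); // someone else's
console.log(isAllowed(mallory, 'SET', 'public:motd'));             // shared value
```

The derived key is password-equivalent, so it has to travel over TLS only, and anyone who obtains it can act as that user until the password changes. The gate does not address the junk-data and quota concern raised above; that needs rate limiting or size limits on the server side.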