couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Contributing" by ChristopherLenz
Date Mon, 07 Apr 2008 10:00:43 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by ChristopherLenz:
http://wiki.apache.org/couchdb/Contributing

The comment on the change is:
Pointers to information on security/validation

------------------------------------------------------------------------------
  
  === Security and Authentication ===
  
- CouchDB currently lacks any security. We want to introduce a super-flexible permission system
with users and groups and read and write permissions that can be enforced on documents and
databases.
+ CouchDB currently lacks any security. We want to introduce a super-flexible permission system
with users and groups and read and write permissions that can be enforced on documents and
databases. Please see the [http://incubator.apache.org/couchdb/docs/overview.html technical
overview] and this [http://groups.google.com/group/couchdb/msg/ca577d22b8aeb7cc post on the
old mailing list] for some info on what is planned.
+ 
  The prerequisite to Security is Identity. The proposal is to use LDAP as the directory of
users and groups. Once authenticated the server will know the distinguished name of the current
user. It may have an datastructure representing the full LDAP entry of the current user which
it can pass to JavaScript functions.
+ 
  The JavaScript security function may live in a design document, there might be several security
functions per database, perhaps one for each document type. There could perhaps be security
functions on the data documents?
+ 
  For example the below function allows everyone to read, but only the creator of the document
may update or delete.
  {{{
  security(doc,databasesecuritydoc,user,operation){
@@ -51, +54 @@

      return false;
    }
  }}}
- 
- @@ add more details
  
  === Database Partitioning ===
  

Mime
View raw message