couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <>
Subject [Couchdb Wiki] Update of "Technical Overview" by JanLehnardt
Date Sat, 18 Dec 2010 19:29:01 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Technical Overview" page has been changed by JanLehnardt.
The comment on this change is: No doc-level reader access.


  CouchDB database instances have administrator accounts. Administrator accounts can create
other administrator accounts and update design documents. Design documents are special documents
containing view definitions and other special formulas, as well as regular fields and blobs.
- === Reader Access ===
- To protect document contents, CouchDB documents can have a reader list. This is an optional
list of reader-names allowed to read the document. When a reader list is used, protected documents
are only viewable by listed users.
- When a user accesses a database, then his/her credentials (name and password) are used to
dynamically determine his reader names. The user credentials are input to a javascript function
and the function returns a list of names for the user, or an error if the user credentials
are wrong.
- When a document is protected by reader access lists, any user attempting to read the document
must be listed. Reader lists are enforced in views too. Documents that are not allowed to
be read by the user are dynamically filtered out of views, keeping the document row and extracted
information invisible to non-readers.
  === Update Validation ===
  As documents written to disk, they can be validated dynamically by javascript functions
for both security and data validation. When the document passes all the formula validation
criteria, the update is allowed to continue. If the validation fails, the update is aborted
and the user client gets an error response.

View raw message