couchdb-dev mailing list archives

From Chris Anderson <jch...@apache.org>
Subject Re: Partial replication -orelse- sending interpreted data to another server
Date Mon, 16 Feb 2009 21:39:59 GMT
On Mon, Feb 16, 2009 at 10:02 AM, Damien Katz <damien@apache.org> wrote:
>
> Therefore the answer is to not distinguish between replicated updates and
> direct updates. Instead enforce same security rules either way. This user
> can update this document with these values, or he can't. Doesn't matter if
> it's replicated or direct.
>

This pretty much describes the way I understand it as well. This makes
the constraints on validation functions interesting. Under what
circumstances should they ensure that the document's author-id matches
the saving user? Will the previous_rev always be available at
replication, as it is in the function signature?

Validation functions make me want a distinction between document
creation, and subsequent updates.

>
> Timeouts suck, but so does everything else.
>

classic Damien.

I'm glad we're talking about this. Distributed identity is a tough
problem, and validation / security plays a central role in that.

Chris

-- 
Chris Anderson
http://jchris.mfdz.com
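
Added example, not part of the original message and not CouchDB project code: a validation function in the shape the thread discusses, treating creation (no previous revision) differently from update and applying one rule whether the write is direct or replicated. The `author` field, the user names and the sample documents are constructed assumptions; the `(newDoc, oldDoc, userCtx)` arguments, the `forbidden` error and the `_admin` role follow CouchDB's `validate_doc_update` convention.

```javascript
// oldDoc is null when the document is being created. userCtx describes whoever
// performs the write; on a replication target that is the replicating user,
// not necessarily the document's author.
function validate(newDoc, oldDoc, userCtx) {
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1;
  if (newDoc._deleted) {
    // Tombstones carry no author field, so check the previous revision.
    if (!isAdmin && (!oldDoc || oldDoc.author !== userCtx.name)) {
      throw({ forbidden: "only the author may delete" });
    }
    return;
  }
  if (typeof newDoc.author !== "string" || newDoc.author === "") {
    throw({ forbidden: "author is required" });
  }
  if (oldDoc === null) {
    // Creation: the claimed author must be the saving user.
    if (!isAdmin && newDoc.author !== userCtx.name) {
      throw({ forbidden: "author must match the saving user" });
    }
    return;
  }
  // Update: authorship is fixed, and only the author may change the document.
  if (newDoc.author !== oldDoc.author) {
    throw({ forbidden: "author cannot be changed" });
  }
  if (!isAdmin && oldDoc.author !== userCtx.name) {
    throw({ forbidden: "only the author may update" });
  }
}

// Runs the validator and reports "ok" or the rejection reason.
function check(newDoc, oldDoc, userCtx) {
  try { validate(newDoc, oldDoc, userCtx); return "ok"; }
  catch (e) { return e.forbidden; }
}

// Constructed sample users and document.
var alice = { name: "alice", roles: [] };
var bob = { name: "bob", roles: [] };
var replicator = { name: "replicator", roles: [] };
var doc = { _id: "post-1", author: "alice", body: "hello" };

console.log(check(doc, null, alice));      // direct creation by the author
console.log(check(doc, null, replicator)); // same document arriving via a non-admin replicating user
console.log(check({ _id: "post-1", author: "alice", body: "edited" }, doc, bob));
```

The second call shows the tension raised in the message: a strict author-equals-saving-user rule rejects alice's document when a different, non-admin user replicates it.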
