couchdb-dev mailing list archives

From Damien Katz <dam...@apache.org>
Subject Re: Replication security branch almost done
Date Fri, 06 Mar 2009 14:13:27 GMT

On Mar 5, 2009, at 12:44 PM, Adam Kocoloski wrote:

> On Mar 4, 2009, at 3:24 PM, Damien Katz wrote:
>
>> The replication security branch is finally near completion. This  
>> work makes CouchDB enforce security during replication, to  
>> allow CouchDB databases to be exposed directly to clients and  
>> replicators.
>> svn co http://svn.apache.org/repos/asf/couchdb/branches/rep_security
>> This branch also has revision stemming work, but it doesn't  
>> actually do the stemming yet. But that's simple to add later and  
>> will still work with the same replication protocol.
>>
>> This version removes all or nothing bulk updates w/ conflict  
>> checking as it was the only way I could get everything else  
>> working. However, it's still possible we'll add it back if needed.  
>> I'm in favor of removing it altogether for now and seeing if we  
>> can live with it. Thoughts please.
>>
>> I'd appreciate people testing it out. Also writing more JS tests  
>> would be a big help too.
>>
>> This branch right now is a month or so behind trunk, so recent  
>> fixes/features are missing until I merge it to latest. Sorry.
>>
>> -Damien
>
> Hi Damien, at the end of security_validation.js, you have
>
>> // this is a legal edit
>> var foo2 = dbB.open("foo2");
>> foo2.value = "b";
>> dbB.save(foo2);
>>
>> var results = CouchDB.replicate(B, A);
>>
>> <snip>
>>
>> // The edit to foo2 should have replicated.
>> T(dbA.open("foo2").value == "a");
>
> I'm confused.  If that was a legal edit, shouldn't the value of foo2  
> on dbA == "b"?  I noticed a line in the log when I run this test
>
>> [info] [<0.121.0>] error replicating document "foo2" rev  
>> "2-3418587803":{unauthorized, <<"You are not the author of this  
>> document. You jerk.">>}
>
> and if I inspect the two DBs I see that the change did not  
> replicate.  Hope it helps, Adam

Thanks Adam. I'm doing more testing and debugging today.

-Damien
