couchdb-dev mailing list archives

From Adam Kocoloski <adam.kocolo...@gmail.com>
Subject Re: Replication security branch almost done
Date Thu, 05 Mar 2009 17:44:23 GMT
On Mar 4, 2009, at 3:24 PM, Damien Katz wrote:

> The replication security branch is finally near completion, this
> work makes CouchDB enforce security during replication, to allow
> CouchDB databases to be exposed directly to clients and replicators.
> svn co http://svn.apache.org/repos/asf/couchdb/branches/rep_security
> This branch also has revision stemming work, but it doesn't actually  
> do the stemming yet. But that's simple to add later and will still  
> work with the same replication protocol.
>
> This version removes all or nothing bulk updates w/ conflict  
> checking as it was the only way I could get everything else working.  
> However, it's still possible we'll add it back if needed. I'm in
> favor of removing it altogether for now and seeing if we can live
> with it. Thoughts please.
>
> I'd appreciate people testing it out. Also writing more JS tests  
> would be a big help too.
>
> This branch right now is a month or so behind trunk, so recent
> fixes/features are missing until I merge it to latest. Sorry.
>
> -Damien

Hi Damien, at the end of security_validation.js, you have

> // this is a legal edit
> var foo2 = dbB.open("foo2");
> foo2.value = "b";
> dbB.save(foo2);
>
> var results = CouchDB.replicate(B, A);
>
> <snip>
>
> // The edit to foo2 should have replicated.
> T(dbA.open("foo2").value == "a");

I'm confused.  If that was a legal edit, shouldn't the value of foo2  
on dbA == "b"?  I noticed a line in the log when I run this test

> [info] [<0.121.0>] error replicating document "foo2" rev  
> "2-3418587803":{unauthorized, <<"You are not the author of this  
> document. You jerk.">>}

and if I inspect the two DBs I see that the change did not
replicate.  Hope it helps, Adam
