couchdb-dev mailing list archives

From "Curt Arnold (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COUCHDB-442) Add a "view" or "format" function to process source doc on query
Date Wed, 29 Jul 2009 18:16:14 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12736735#action_12736735 ]

Curt Arnold commented on COUCHDB-442:
-------------------------------------

Say we have a personnel system where documents contain some confidential info (perhaps Social
Security Number) and some less restricted info like education location, phone number, blog
entries, etc.  Say the split is only 5% confidential and 95% public.  I want to create views
by university, graduation date, phone number, location, department, etc.  On each of the queries,
I'd like a class of users to see everything public about the person but not any of the confidential
info.

Without the view function, one option would be calling something like:

emit(key, sanitize(doc));

in the map function for each of the views which would be 95% as bad as doing emit(key, doc).
 Basically, everything that would motivate you to do emit(key, null) over emit(key, doc) comes
into play, but just slightly reduced.

Another workaround would be to grab the ids and just attempt to retrieve all the underlying
documents.  Some other part of the authentication system would need to prevent retrieving
the confidential info either by rejecting the request for the entire document or sanitizing
it.  

Allowing access to views but disabling include_docs and preventing direct retrievals of
doc is my best analogy to authorizing access to SQL views but restricting direct access to
the tables.

While the main motivation is preparing for a more beefed up authentication and authorization,
it would seem to have some independent usefulness.  Plus it would appear to require any additional
resources until serializing the result set and then only if the user added ?include_views=true.


> Add a "view" or "format" function to process source doc on query
> ----------------------------------------------------------------
>
>                 Key: COUCHDB-442
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-442
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: JavaScript View Server
>            Reporter: Curt Arnold
>
> It is common practice to emit pairs like {key, null} and then query with ?include_docs=true
> to retrieve the documents that were responsible for the entries.  However, the full document
> may include information that is privileged or the full document may be substantially larger
> than the information needed to be transferred to the client.
> The proposed enhancement is to allow defining a "view" function in addition to the existing
> "map" and "reduce" on a view.  If specified, the view function would take the id, key, value
> and doc and return a JSON value that would be added as the "view" member to the row in the
> result set.
> One of the use cases on http://wiki.apache.org/couchdb/Authentication_and_Authorization
> is to be able to specify that a user can retrieve the values from a view, but not add include_docs
> since that may expose information that they are not authorized to view.  Without the "view"
> function, there would be pressure to start pushing things into the emitted value.
> Production of views would be likely controlled using an include_views=true in the query
> string.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
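
Added example, not part of the original message and not CouchDB code: a small in-memory model of the query path the issue proposes, where the map function emits (key, null), a "view" function projects allow-listed fields at query time, and include_docs is refused for users who may only read the view. The names buildIndex, query and canReadDocs and the sample documents are assumptions made for illustration; "view" and include_views are the issue's proposed names.

```javascript
// Constructed sample documents (not from the original message).
const docs = [
  { _id: "emp-1", name: "A. Example", university: "State U", phone: "555-0100", ssn: "000-00-0001" },
  { _id: "emp-2", name: "B. Example", university: "State U", phone: "555-0101", ssn: "000-00-0002" },
  { _id: "emp-3", name: "C. Example", university: "Tech Inst", phone: "555-0102", ssn: "000-00-0003" },
];

// Hypothetical design document: "map" as in CouchDB, plus the proposed "view".
const byUniversity = {
  // The index stores only the key and null, never a copy of the document.
  map: (doc, emit) => { if (doc.university) emit(doc.university, null); },
  // Proposed function: runs at query time and returns only allow-listed fields.
  view: (id, key, value, doc) => ({ name: doc.name, university: doc.university, phone: doc.phone }),
};

// Build the index once (stand-in for the view indexer; hypothetical helper).
function buildIndex(ddoc, allDocs) {
  const rows = [];
  for (const doc of allDocs) {
    ddoc.map(doc, (key, value) => rows.push({ id: doc._id, key, value }));
  }
  return rows.sort((a, b) => (a.key < b.key ? -1 : a.key > b.key ? 1 : a.id < b.id ? -1 : 1));
}

// Answer a query. opts.canReadDocs models the authorization decision described
// in the message: view access granted, include_docs and direct reads denied.
function query(ddoc, index, allDocs, opts) {
  if (opts.include_docs && !opts.canReadDocs) {
    throw new Error("forbidden: include_docs not permitted for this user");
  }
  const byId = new Map(allDocs.map((d) => [d._id, d]));
  return index
    .filter((r) => opts.key === undefined || r.key === opts.key)
    .map((r) => {
      const row = { id: r.id, key: r.key, value: r.value };
      const doc = byId.get(r.id);
      if (opts.include_docs) row.doc = doc;
      // The view function runs only while serializing, and only on request.
      if (opts.include_views && ddoc.view) row.view = ddoc.view(r.id, r.key, r.value, doc);
      return row;
    });
}

const index = buildIndex(byUniversity, docs);
const rows = query(byUniversity, index, docs, { key: "State U", include_views: true, canReadDocs: false });
console.log(JSON.stringify(rows, null, 2));
```

Because the projection names the fields it returns rather than the fields it removes, a confidential field added to the documents later stays out of the result unless the view function is changed.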

