couchdb-dev mailing list archives

From Chris Anderson <>
Subject Re: filter for _changes
Date Mon, 20 Jul 2009 15:51:12 GMT
On Mon, Jul 20, 2009 at 12:19 AM, Benoit Chesneau<> wrote:
> 2009/7/20 Chris Anderson <>:
>> Devs,
>> I've just committed a patch (r795687) that adds the ability to filter
>> _changes requests with a JavaScript function.
>> The function signature is:
>> function(doc, req, userCtx) {
>>  return (true or false);
>> }
>> When it returns true (or something truthy, like a non-empty string or
>> a non-zero number), the change is passed along to the user, otherwise
>> it is skipped.
>> The filter functions are stored on design documents under the
>> "filters" field. The current best source of documentation is the
>> changes.js test.
>> To query changes with a filter, the syntax is like:
>> GET /db/_changes?filter=ddocname/filtername
>> The biggest problem with this patch is that it uses a JavaScript OS
>> process per connected filtered listener. Fixing this is an
>> optimization as it won't affect the API, which is why I'm comfortable
>> committing this.
>> I'd appreciate some review to make sure the implementation is on the
>> right track.
>> Cheers,
>> Chris
>> --
> Implementation seems good for me and tests pass. For userCtx filtering
> I guess it would be needed to have a way to filter all changes without
> passing any parameter to forbid all changes read. Maybe by adding a
> main validate_changes on top of a design doc? Same args but this
> function would be applied on all changes. What do you think about it?

I think you're suggesting using filtered changes as a security
mechanism? That is certainly possible, but to do it right we'd have to
ensure that it filters all document requests, which itself is
non-trivial, and would certainly require us to address the performance
issues. The other problem with using the filter for security is that
we'd need to filter view rows. There's not really a fast way to do
that for reduce views.

I'd suggest we punt on JavaScript security functions for a while, at
least until we've given this stuff a chance to sink in.


Chris Anderson
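
The distinction drawn in this thread, as an added example that is not part of the original messages or of CouchDB's code: a small in-memory model in which a filter under the design document's "filters" field decides what the changes feed emits, while a direct document read never consults it. The names `db`, `by_owner`, `changes` and `getDoc`, the sample documents, and the `{name, roles}` shape of `userCtx` are assumptions made for illustration.

```javascript
// Constructed in-memory model, not CouchDB code. All names and sample
// documents here are hypothetical; userCtx is assumed to be {name, roles}.
const db = {
  docs: new Map([
    ["a", { _id: "a", owner: "alice", body: "alice's note" }],
    ["b", { _id: "b", owner: "bob", body: "bob's note" }],
    ["c", { _id: "c", body: "no owner field" }],
  ]),
  // Design document with a filter stored under "filters", as in the message.
  ddoc: {
    _id: "_design/app",
    filters: {
      // Returns a string or false on purpose: any truthy value passes.
      by_owner: function (doc, req, userCtx) {
        return doc.owner === userCtx.name && doc.owner;
      },
    },
  },
};

// Models GET /db/_changes?filter=ddocname/filtername.
function changes(db, filterName, userCtx) {
  let filter = null;
  if (filterName) {
    const own = Object.prototype.hasOwnProperty.call(db.ddoc.filters, filterName);
    if (!own || typeof db.ddoc.filters[filterName] !== "function") {
      throw new Error("unknown filter: " + filterName);
    }
    filter = db.ddoc.filters[filterName];
  }
  const req = { query: { filter: filterName } }; // assumed request shape
  const results = [];
  for (const doc of db.docs.values()) {
    // Truthy result: the change is passed along; falsy: it is skipped.
    if (!filter || filter(doc, req, userCtx)) results.push(doc._id);
  }
  return results;
}

// Models a direct document read: no filter is consulted on this path.
function getDoc(db, id) {
  return db.docs.get(id) || null;
}

const alice = { name: "alice", roles: [] };
console.log("filtered feed:", changes(db, "by_owner", alice));
console.log("unfiltered feed:", changes(db, null, alice));
console.log("direct read of b:", getDoc(db, "b").body);
```

The filtered feed hides bob's document from alice, but the unfiltered feed and the direct read still return it, which is why the filter alone does not act as access control.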
