couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curt Arnold <curt.ar...@gmail.com>
Subject Re: Second call for objections releasing 0.10
Date Mon, 21 Sep 2009 18:12:45 GMT
Probably should not have ventured any opinion on a resolution since I had
just scanned the thread and hadn't had any time to investigate it myself.
However, it did seem to suggest a possible means of abuse and didn't seem to
have a resolution at the moment.

Doing a quick test with IE and FF, showed that:

{ withdrawl: 10000.00, withdrawl: 10.00 }

appeared to be indistinguishable from:

{ withdrawl : 10.00 }

Basically, it was as if you did:

var doc = new Object();
doc.withdrawl = 10000.0;
doc.withdrawl = 10.0;

and the first assignment got discarded.

As long as CouchDB is consistent with that interpretation, then there is not
a problem as far as I can tell.

If some level (like the query processor) saw both entries, then you might be
able to exploit the discrepancy.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message