couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Candler <B.Cand...@pobox.com>
Subject Re: DB ACLs (was Re: 0.11 Release / Feature Freeze for 1.0)
Date Thu, 04 Feb 2010 11:01:29 GMT
On Wed, Feb 03, 2010 at 02:27:56PM -0800, Jan Lehnardt wrote:
> > Sorry to be blunt, but do you have numbers to back that up?  This smells
> > very much of premature optimisation.
> 
> Reading a document costs: 
> 
>     1 disk seek to the end of the db file to grab the b-tree root
>  + n disk seeks to the document (n < 5 to 10 in most cases)
> 
> In a well cached database, most of the seeks are free, but the last one
> usually isn't (unless you can hold a full database in memory).

That's not true here. If _readers were a document within the database then
the *same* document would be read for every access, and therefore it would
be cached.  There's no seek.

But again you've ignored my main point: I'm proposing that the authorisation
be a role within the userctx, and the userctx is already loaded.  Free is
better than cheap.

Actually, that's not entirely true. We want to have publicly-readable
databases, so we need an "_anon" user with roles assigned to it, and the
effective roles you get would be the union of the roles from your user
record plus the roles from the _anon user.

That might mean reading the _anon record from the _users database.  That
will always be the same record, so is bound to be cached.

Regards,

Brian.

Mime
View raw message