couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Davis <paul.joseph.da...@gmail.com>
Subject Re: Need feedback on validate_doc_read
Date Tue, 28 Dec 2010 19:59:37 GMT
On Tue, Dec 28, 2010 at 2:50 PM, Bram Neijt <bneijt@gmail.com> wrote:
> Hi all,
>
> First of all, thank you all for your replies. I've had a great lot of
> fun working my way though Erlang, and I'm glad this patch may help in
> clearing up the question on whether this is something that should be
> on the CouchDB roadmap or not.
>
> Robert is completely right in pointing out that this does not protect
> views at all, (and I have not even tested it on show functions
> either). Protecting a view is not really possible as that would
> require a view per user/role, I can not think of any straight forward
> way of implementing that. Using a database per user is a solution
> here, because that forces a separate view cache as well.
>
> I'll clean up the patch using the comments given, which should make it
> possible for people to try the performance impact. I myself have never
> really cared for the performance impact. IMHO performance will be met
> as soon as the feature is accepted and used enough ;)
>
> Anybody wanting this feature should test the performance impact and
> convince as many people as possible!
>
> Greets,
>
> Bram

Me and Rob were doing random spitballing on IRC about how one might
use something like this to protect views. We ended up coming down on
having a function that takes the view URL and query string and does
the guards on that. As opposed to trying something ridiculous like a
row-based authorization based on doc ids or some such.

Also, for this to hit trunk its definitely going to need some
performance characterization for people to discuss on whether its a
good trade off. Anyone that wants to see this in trunk will have to
show that (especially when not used) it doesn't affect base
performance and that performance isn't *too* bad when it is being
used.

>
> On Tue, Dec 28, 2010 at 12:56 PM, Filipe David Manana
> <fdmanana@apache.org> wrote:
>> Hi Bram,
>>
>> I second what Paul and Robert said before.
>>
>> Here:
>> https://github.com/bneijt/couchdb/commit/5d53b79145a267d0f955668f0e7253b74cfda6cc#L3R127
>>
>> You're assuming Else is always {_, Doc} tuple, which is wrong. It
>> might be an error for e.g. You'll likely want to call
>> validate_doc_read for couch_db:open_doc_revs/3.
>>
>> Overall I'm not sure this as a feature that CouchDB needs, but that's
>> up to the community/PMCs to decide.
>>
>> Nevertheless, thanks for your efforts.
>>
>> On Mon, Dec 27, 2010 at 4:09 PM, Bram Neijt <bneijt@gmail.com> wrote:
>>> Hi all,
>>>
>>> After getting to know erlang the hard way, I've found a place to put
>>> in a patch and hook up validate_doc_read code.
>>>
>>> I've got a patch which implements a validate_doc_read in the same
>>> manner as validate_doc_update is implemented. The patch is available
>>> at
>>> https://github.com/bneijt/couchdb
>>>
>>> Things that are still on the TODO are the following:
>>> - Check the functioning when it comes to replication
>>> - Test the performance hit this will have on the server
>>> - Create a configuration option to enable or disable support for this
>>>
>>> An even bigger question is: is this a feature we would ever want in
>>> the mainstream couchdb releases? Is this something the couchdb team
>>> would like to support?
>>>
>>> But appart from that question, I would love some feedback on the
>>> implementation, the erlang and structure of it all, so please consider
>>> checking it out and posting some comments.
>>>
>>> Greets,
>>>
>>> Bram
>>>
>>>
>>> On Tue, Dec 7, 2010 at 1:18 PM, Bram Neijt <bneijt@gmail.com> wrote:
>>>> Dear developers,
>>>>
>>>>
>>>> After going into the theoretical depths[1] of what performance hits
>>>> there may be and how replication will be affected, I've decided to
>>>> just implement a simple solution and see how far I can get.
>>>>
>>>> I've decided to try to implement a validate_doc_get function, in the
>>>> same manner as the validate_doc_update has been implemented. I've been
>>>> reading the code and I've gotten as far as finding
>>>> prep_and_validate_updates and handle_doc_show and I'm now thinking of
>>>> copying and pasting some logic in to see where it gets me.
>>>>
>>>> I would love some advice on the matter and welcome any comments/feedback.
>>>>
>>>>
>>>> Greets,
>>>>
>>>> Bram
>>>>
>>>> [1] http://wiki.apache.org/couchdb/PerDocumentAuthorization
>>>> PS If properly implemented, validate_doc_get will not fix all problems
>>>> and you will still need a firewall like system, however it may give
>>>> some insight into where to go from there.
>>>>
>>>
>>
>>
>>
>> --
>> Filipe David Manana,
>> fdmanana@gmail.com, fdmanana@apache.org
>>
>> "Reasonable men adapt themselves to the world.
>>  Unreasonable men adapt the world to themselves.
>>  That's why all progress depends on unreasonable men."
>>
>

Mime
View raw message