couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Davis <paul.joseph.da...@gmail.com>
Subject Re: The _security object should be versioned
Date Sat, 27 Aug 2011 05:38:17 GMT
On Fri, Aug 26, 2011 at 10:46 PM, Jason Smith <jhs@iriscouch.com> wrote:
> On Sat, Aug 27, 2011 at 10:17 AM, Filipe David Manana
> <fdmanana@apache.org> wrote:
>> On Fri, Aug 26, 2011 at 8:01 PM, Jason Smith <jhs@iriscouch.com> wrote:
>>> 1. Does this require updating the replicator to update _local docs correctly?
>>
>> Yes
>>
>>> 2. Only admins can change _security. But anybody with read access can
>>> change _local/*. Does couch special-case _local/security?
>>
>> My preference:
>>
>> _security would become a regular document (just a special id, which
>> starts with underscore).
>
> I vote: _local/security :P
>
> As-is, normal users could change the document (whatever its name).
>
> IMO, it should be a special case. Couch should breaks its own API a
> little and require an admin to modify it. In other words, the HTTP API
> gets simpler, document update logic gets more complex, for a net-win.
>
>> We can still cache the latest revision in the
>> db header, db updater state, whatever.
>>
>> This _security document (or perhaps any other starting with underscore
>> in the future), would only be replicable if the replication is
>> triggered by some special user with some special role (_admin,
>> _server_admin, whatever).
>>
>> Does it sound simple and satisfies people's needs?
>
> AFAIK, nobody wants security to ever replicate. Some people want to
> manually "sync" them as an application feature.
>
> --
> Iris Couch
>

Close. But I feel really, really dirty requiring admin access to
specific documents. Admin write access to _design/* is already dirty
enough.

Mime
View raw message