couchdb-dev mailing list archives

From Paul Davis <paul.joseph.da...@gmail.com>
Subject Re: The _security object should be versioned
Date Sat, 27 Aug 2011 05:57:15 GMT
On Sat, Aug 27, 2011 at 12:51 AM, Filipe David Manana
<fdmanana@apache.org> wrote:
> On Fri, Aug 26, 2011 at 10:36 PM, Paul Davis
> <paul.joseph.davis@gmail.com> wrote:
>> Imagine you have a phone with a CouchDB. And your friend says, "Just
>> replicate this photo album." But he's inserted a _security doc that
>> gives him permission to touch your private data. If someone said the
>> obvious answer is "have a validate_doc_update function," I would
>> obviously slap that person.
>
> That's why only a very special role could replicate it. I agree
> allowing it to replicate is very dangerous.
>

CouchDB replication is a bit weird because we always have to consider
two authorization levels, read source, and write target. That said, I
see it quite likely that users will say "I am admin on my couch,
REPLICATE ALL THE THINGS [1]." Which will inevitably lead to fucked
upedness that we have to hear about on IRC/dev@/JIRA.

[1] http://bit.ly/doONoe

>>
>> Never in no way ever should it be remotely possible to unknowingly
>> change authorization settings because your db accidentally slurped up
>> a _security doc.
>>
>>>>
>>>> --
>>>> Iris Couch
>>>>
>>>
>>>
>>>
>>> --
>>> Filipe David Manana,
>>> fdmanana@gmail.com, fdmanana@apache.org
>>>
>>> "Reasonable men adapt themselves to the world.
>>>  Unreasonable men adapt the world to themselves.
>>>  That's why all progress depends on unreasonable men."
>>>
>
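
Added example, not part of the original message and not CouchDB code: one way a receiving side could refuse an incoming _security object that grants more access than the local one unless a local admin explicitly approves it. It assumes the usual _security layout (admins and members, or the older name readers, each with names and roles); the function names, the approval flag and the sample objects are hypothetical and constructed for illustration.

```python
# Hypothetical guard: compare the local _security object with an incoming one
# and report every way the incoming one would grant additional access.

def grants(sec):
    """Flatten a _security object into a set of (section, kind, value) tuples."""
    out = set()
    # "readers" is the older name for "members"; treat both as one section.
    for key, section in (("admins", "admins"), ("members", "members"),
                         ("readers", "members")):
        body = sec.get(key) or {}
        for kind in ("names", "roles"):
            for value in body.get(kind) or []:
                out.add((section, kind, value))
    return out

def widening(current, incoming):
    """Return the reasons the incoming object grants more than the current one."""
    cur, new = grants(current), grants(incoming)
    cur_restricted = any(s == "members" for s, _, _ in cur)
    new_restricted = any(s == "members" for s, _, _ in new)
    added = new - cur
    if not cur_restricted:
        # No members listed means anyone can already read; new members narrow access.
        added = {g for g in added if g[0] != "members"}
    reasons = [f"adds {s} {k[:-1]} {v!r}" for s, k, v in sorted(added)]
    if cur_restricted and not new_restricted:
        # An empty members section makes the database readable by anyone.
        reasons.append("removes every member, making the database readable by anyone")
    return reasons

def accept_security(current, incoming, approved_by_local_admin=False):
    """Return the object to store, or raise if access widens without approval."""
    reasons = widening(current, incoming)
    if reasons and not approved_by_local_admin:
        raise PermissionError("refusing _security change: " + "; ".join(reasons))
    return incoming

# Constructed sample data: the local object, and one that arrived with a replication.
CURRENT = {"admins": {"names": ["me"], "roles": []},
           "members": {"names": ["me"], "roles": []}}
INCOMING = {"admins": {"names": ["me", "friend"], "roles": []},
            "members": {"names": [], "roles": []}}

if __name__ == "__main__":
    for reason in widening(CURRENT, INCOMING):
        print(reason)
```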
