couchdb-dev mailing list archives

From Filipe David Manana <fdman...@apache.org>
Subject Re: The _security object should be versioned
Date Sat, 27 Aug 2011 05:51:48 GMT
On Fri, Aug 26, 2011 at 10:36 PM, Paul Davis
<paul.joseph.davis@gmail.com> wrote:
> Imagine you have a phone with a CouchDB. And your friend says, "Just
> replicate this photo album." But he's inserted a _security doc that
> gives him permission to touch your private data. If someone said the
> obvious answer is "have a validate_doc_update function," I would
> obviously slap that person.

That's why only a very special role could replicate it. I agree
allowing it to replicate is very dangerous.

>
> Never in no way ever should it be remotely possible to unknowingly
> change authorization settings because your db accidentally slurped up
> a _security doc.
>
>>>
>>> --
>>> Iris Couch
>>>
>>
>>
>>
>> --
>> Filipe David Manana,
>> fdmanana@gmail.com, fdmanana@apache.org
>>
>> "Reasonable men adapt themselves to the world.
>>  Unreasonable men adapt the world to themselves.
>>  That's why all progress depends on unreasonable men."
>>
>



-- 
Filipe David Manana,
fdmanana@gmail.com, fdmanana@apache.org

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."
