couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Kocoloski <>
Subject Re: The replicator needs a superuser mode
Date Wed, 17 Aug 2011 16:26:48 GMT
On Aug 17, 2011, at 11:46 AM, Jean-Pierre Fiset wrote:

> I think that the operations of replication and backing up are quite different. Although
some are using the replication features for backing up, I tend to think of replication as
an operation taking place between two nodes that do not necessarily trust one another.

That's one possible use case for replication, but hardly the only one.  Anyway, if you don't
trust the replication then I certainly hope the replication doesn't use credentials that map
to _admin powers on your database.  If the replication doesn't have _admin powers it cannot
bypass validation.

> If what you are proposing is a special privilege given to the admin party, then I do
not have much of an issue with this, since administrators already have intimate access to
the server. However, the concept of creating a new "replicator" role, which would supersede
the validation functions is another thing.

Yes, I probably should have picked one approach and stuck with it.  Either way, my intent
was that a replicator could bypass validation only if an admin had given it credentials that
mapped to a powerful role (possibly _admin), *and* if the admin had explicitly asked for the
replicator to bypass validation.

> In applications that must ensure that some document types have a given structure, opening
the door to a user (and here I assume a user that attempts a replication from a different
node, not a local administrator performing a back up) to work around the validation function
is probably a bad idea.

That's not going to happen, unless you granted the user this really powerful role.  Don't
do that.

> If the validation function could not be counted on, it would really affect the way an
application must be written.

Understood, I'm certainly not asking for the replicator to bypass validations in general.

View raw message