couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Garren Smith <gar...@apache.org>
Subject Re: System DB for Fauxton
Date Fri, 15 Jul 2016 09:23:24 GMT
I was speaking to Jan about this in #couchdb-dev. He makes some very
important points:

+jan____> thing is, fauxton runs under the security context of the logged
in user
11:12 J<+jan____> so each user would need their own fauxton db
11:12 J<+jan____> or we bleed info
11:12 J<+jan____> or it is admin only
11:13 J<+jan____> but then, multiple admin accounts are possible, and
they’d share it
11:13 J<+jan____> I wonder if a browser-local PouchDB instance is the
better option

A PouchDB instance might be better but then a user loses their info when
they change browsers. Otherwise Jan mentioned a db-per-user which could
also work really well.

On Fri, Jul 15, 2016 at 11:03 AM, Garren Smith <garren@apache.org> wrote:

> Markus, good points. I'm definitely +1 for the idea. Like Samuel says,
> storing notifications would be excellent. It would definitely allow us to
> improve the user experience.
>
> Cheers
> Garren
>
> On Fri, Jul 15, 2016 at 8:45 AM, Samuel Kidman <samkidman@gmail.com>
> wrote:
>
>> It would be nice to store notifications in such a database. Admins could
>> then see which actions have been undertaken through fauxton and by whom.
>>
>> On 15 July 2016 at 06:25, Markus Fischböck <m.fischboeck@gmail.com>
>> wrote:
>>
>> > Hi Garren,
>> >
>> > I guess that depends on how sensitive the data in there would be. It's
>> not
>> > planned to store any passwords for remote servers, so the user would
>> need
>> > to enter those upon each replication. So in the worst case a user would
>> > only see bookmarked databases on a remote server but would not be able
>> to
>> > access them. Given the fact that the same behavior is present on a local
>> > machine I would assume this to be OK.
>> > From what I can tell with my limited knowledge of the internals it's
>> > currently not possible to secure specific documents and would probably
>> > cause some interference with replication as well.
>> > So my solution would be to simply not store any sensitive there.
>> >
>> > Regards,
>> > Markus
>> >
>> >
>> >
>> > On 14.07.2016 12:19, Garren Smith wrote:
>> >
>> >> Hi Markus,
>> >>
>> >> I like the idea of a Fauxton system database. I think we could store
>> some
>> >> useful things in there. But how would we manage security and
>> permissions
>> >> on
>> >> the database?
>> >> Would one user be able to see bookmarks for another use when viewing
>> that
>> >> database?
>> >>
>> >> Cheers
>> >> Garren
>> >>
>> >> On Tue, Jul 12, 2016 at 9:54 PM, Markus Fischböck <
>> m.fischboeck@gmail.com
>> >> >
>> >> wrote:
>> >>
>> >> Hi everyone!
>> >>>
>> >>> I'm currently working on a new replicator add-on for the Fauxton UI.
>> One
>> >>> of the features I'd like to implement is a bookmark manager where a
>> user
>> >>> can create and save bookmarks in order to have them for quick access,
>> >>> when selecting hosts/databases during replication. This saves the user
>> >>> the hastle to remember the full URL to any source/target database
>> he/she
>> >>> want's to replicate from.
>> >>>
>> >>> I had a discussion lately with Robert Kowalski where to store those
>> >>> bookmarks and I had a couple of ideas in mind:
>> >>> a) Saving the bookmarks on the local storage of the browser => this
is
>> >>> the least desired option, since the bookmarks would only be available
>> on
>> >>> the current browser.
>> >>>
>> >>> b) Saving the bookmarks in the users document in the _user Database
=>
>> >>> Not really nice, since we would pollute the user object with data from
>> >>> Fauxton. I guess it's not supposed to work that way.
>> >>>
>> >>> c) Having a fauxton related system database (e.g. _fauxton) where we
>> can
>> >>> store UI related data. For now this would be bookmarks, but could come
>> >>> in handy for other purposes like UI settings and that a like.
>> >>>
>> >>> I wanted to ask, if it would be possible (and desireable) to add such
>> a
>> >>> system database for the Fauxton project.
>> >>>
>> >>> Kind Regards,
>> >>> Markus
>> >>>
>> >>>
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message