Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 35572 invoked from network); 15 Feb 2009 22:57:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Feb 2009 22:57:47 -0000 Received: (qmail 90575 invoked by uid 500); 15 Feb 2009 22:57:45 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 90540 invoked by uid 500); 15 Feb 2009 22:57:45 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 90528 invoked by uid 99); 15 Feb 2009 22:57:45 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 15 Feb 2009 14:57:45 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=FS_REPLICA,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jchris@gmail.com designates 209.85.221.21 as permitted sender) Received: from [209.85.221.21] (HELO mail-qy0-f21.google.com) (209.85.221.21) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 15 Feb 2009 22:57:35 +0000 Received: by qyk14 with SMTP id 14so2611122qyk.11 for ; Sun, 15 Feb 2009 14:57:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:content-transfer-encoding; bh=gWctf08HTYHLhLxuD/eeO5m5msMbKr10VpZxu1uZv4Q=; b=ZeheniM3YoC/5HLRnspA3ldQ0SUHEt3A8WKM3s7G2UUY9n02c2pKK1rUeWOPneT+tJ PlVpDHr7GCKN5Uq72k6s53rUTChKW5ZHQMv9aYxBUUw2tY4FF0hCzAu97dEAWtbU0vlA pXD07nOzXQeIBk8xS6nP6AQpHEp/IL8Ah+WdM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=BoT72iEEog15N0KA12q/Y5dTf9OXEDZDn4O2srTT1UNtpDfYPHHaBzFUSNljVV+ISH 96ObHctq/nc0S8GGrMoW57Xh5NHe+6JawelTO9gqovn7J5/Vg0A/LKrVwMqpc7jmOgSX ydGch12bfoXvlURsSr+ix1rIismjupF00ZKc8= MIME-Version: 1.0 Sender: jchris@gmail.com Received: by 10.224.2.74 with SMTP id 10mr6884324qai.258.1234738629207; Sun, 15 Feb 2009 14:57:09 -0800 (PST) In-Reply-To: <8B682F8E-52E1-4A41-BDA9-5168FFAC3E0A@mooseyard.com> References: <7C8D756C-FD0A-4665-8583-49F992973138@mooseyard.com> <5118A1E1-A51C-4722-BBA8-71F6FAF6B181@apache.org> <09BA5434-3B20-42D0-8450-06E25993BF9C@mooseyard.com> <9E984EC0-80EE-4A1F-8E9A-35E5E9C139B9@apache.org> <201E60EA-30E9-4B3A-A994-3688A8544BCA@apache.org> <8B682F8E-52E1-4A41-BDA9-5168FFAC3E0A@mooseyard.com> Date: Sun, 15 Feb 2009 14:57:09 -0800 X-Google-Sender-Auth: 5847f39af75433cd Message-ID: Subject: Re: Getting "unauthorized" errors replicating from jchris's twitter-client-design From: Chris Anderson To: user@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On Sun, Feb 15, 2009 at 2:46 PM, Jens Alfke wrote: > > On Feb 15, 2009, at 2:30 PM, Damien Katz wrote: > >> Jan is correct. This looks to be because design doc is replicating, which >> requires a security check. If the target replica has on admin security >> turned, this will break. The security patch is meant to deal with these >> issues. > > By "target" do you mean the source or destination of the replication? The > destination db (mine) has access protection enabled too, but from Jan's > previous answer it sounded like the issue was with the source db (jchris's > public server) being write-access controlled. > The issue is that the validation function does not allow docs to be saved by other users than than the user listed as the doc author. This makes total sense for editing docs, but breaks down in that it does not allow docs created by the author on my machine, to be saved by replication into the db on your machine, unless you are logged into your machine as me. (OK I just realized that I'm probably talkng about Sofa's db http://jchrisa.net/drl and not the Twitter client. The twitter-client design doc http://jchrisa.net/twitter-client/_design/twitter-client has no validation function. It could be a different issue. Also my couch is running on not-quite-trunk ATM... Chris -- Chris Anderson http://jchris.mfdz.com