couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Candler <B.Cand...@pobox.com>
Subject Re: all_or_nothing=true and replication
Date Tue, 03 Nov 2009 20:56:31 GMT
On Tue, Nov 03, 2009 at 09:44:44AM -0500, Adam Kocoloski wrote:
>> On a related point: is it possible to configure a database to stop  
>> people
>> *pulling* certain documents? For example, if I want to allow people to 
>> read
>> and replicate user documents but not _design documents?
>
> Not at the moment.  We've had some proposals for document-granularity  
> ACLs.  The sticking point often ends up being the view indexing -- e.g. 
> what privileges does it have, and how do we keep it from exposing data 
> that would otherwise be restricted from a user?

Here's a simple suggestion.

1. just let views work as normal; except
2. prevent include_docs=true working for docs which the user would not be
   able to retrieve otherwise

For people who don't care that things may appear in the index which the user
can't subsequently retrieve, that's fine.

For people who do care, perhaps they can block direct access to the view and
force the user to go via a _list function which filters it.

For me, I only care that _design docs aren't visible, and those don't end up
in views anyway. Unfortunately, just blocking URLs with _design isn't
sufficient protection, since there are other ways of getting them, e.g. via
_all_docs

The only solution I can think of for now is to do a partial replication to
another database, and let users pull from that one.

Regards,

Brian.

Mime
View raw message