Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 65548 invoked from network); 3 Nov 2009 09:43:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 3 Nov 2009 09:43:40 -0000 Received: (qmail 1048 invoked by uid 500); 3 Nov 2009 09:43:38 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 957 invoked by uid 500); 3 Nov 2009 09:43:38 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 943 invoked by uid 99); 3 Nov 2009 09:43:37 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Nov 2009 09:43:37 +0000 X-ASF-Spam-Status: No, hits=-2.0 required=5.0 tests=AWL,BAYES_00,FS_REPLICA X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of b.candler@pobox.com designates 64.74.157.62 as permitted sender) Received: from [64.74.157.62] (HELO sasl.smtp.pobox.com) (64.74.157.62) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Nov 2009 09:43:35 +0000 Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 07052906D7; Tue, 3 Nov 2009 04:43:13 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date:from:to :cc:subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=rx9R6nQMgs7lfIjFsoyHfRHttk0=; b=PgfwH5d 1HuPoel2VmkSsAfwan8h4pA3OOttwRfBFL4GmuVKdxV8Svyn9F8qv9YekrASWgLZ 02H7C3AzS61/8aRoPnAiP0pCxdJjQFzQ8ZUx6JETJME/O3CkYx2A6crmhBltrA4i ZN83euA9Yv6nxahOU8YEnK/JYAhby4biMudY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=date:from:to:cc :subject:message-id:references:mime-version:content-type :in-reply-to; q=dns; s=sasl; b=p21x/pM5fNVenQQkCttEe2RYT5eHsBJ54 gkLVto/SSqSEcMQ75Folffr1VqNwAXsNV3gH0AZAHaSmI5rPbY2jLlh0j+tIOPy+ ZmMckOJTcpqCZ8nEBoi+u4nQm8KtYsljZayXqRWcx2hCtPiIDimuvpVm8+c/qYEh 6pAv0Cbxs0= Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id EA4B1906D6; Tue, 3 Nov 2009 04:43:11 -0500 (EST) Received: from mappit (unknown [80.45.95.114]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id 6612C906D5; Tue, 3 Nov 2009 04:43:10 -0500 (EST) Received: from brian by mappit with local (Exim 4.69) (envelope-from ) id 1N5Fuu-0002jf-I5; Tue, 03 Nov 2009 09:43:08 +0000 Date: Tue, 3 Nov 2009 09:43:08 +0000 From: Brian Candler To: Damien Katz Cc: user@couchdb.apache.org Subject: Re: all_or_nothing=true and replication Message-ID: <20091103094308.GC9729@uk.tiscali.com> References: <01DCAC9E-0125-46EA-876E-12B685C40DFC@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <01DCAC9E-0125-46EA-876E-12B685C40DFC@apache.org> User-Agent: Mutt/1.5.17+20080114 (2008-01-14) X-Pobox-Relay-ID: 4D205686-C85D-11DE-8E5C-A67CBBB5EC2E-28021239!a-pb-sasl-sd.pobox.com On Sun, Nov 01, 2009 at 05:36:18PM -0500, Damien Katz wrote: > Yes, you can make a situation where somehow a user has legal updates to > certain conflicts, but not others, on a particular node A. On some other > node B, somehow the security was different and he was allowed to update > all the docs. Then an attempt to merge all the conflicts into the > document the user didn't really have edit access too will not be > replicated from node B to node A. > > It's a contrived situation, but possible with misconfigured or updated > security settings that haven't propagated. This is definitely something that I need to add to the Replication_and_conflicts page. When you talk about security mechanisms, I know of "validate_doc_update", but are there other things which can affect whether a document is replicated or not? (e.g. I've heard talk of a filtered _changes feed, I don't know if that's implemented yet). I'd like to make sure I cover all bases. On a related point: is it possible to configure a database to stop people *pulling* certain documents? For example, if I want to allow people to read and replicate user documents but not _design documents? Thanks, Brian.