On Sun, Jan 03, 2010 at 01:18:26PM -0800, Chris Anderson wrote:
> On Sun, Jan 3, 2010 at 1:10 PM, Nathan Stott <nrstott@gmail.com> wrote:
> > If a user can access a document via Futon, he can access via the CouchDB API
> > if he knows what he's doing. The data is exposed one way or the other if
> > you store it in documents that users can access. There is no key-level
> > protection on a document that I am aware of. Correct me if I'm wrong,
> > someone.
> >
>
> There is key-level write protection. There is not key-level read
> protection, and there are no plans to add it.
>
> Per document read-control turns out to be extremely non-trivial (think
> about information leakage via reduce, etc) such that Lotus Notes never
> even got it right.
Out of interest, is there some documentation available on the subject (maybe a
CouchDB or Lotus Notes dev's blog post)? Also, I assume that this leakage would
only happen locally and isn't exposed to remote users?
Thanks,
--
Sam Bisbee
|