couchdb-user mailing list archives

From Sam Bisbee <sbis...@computervip.com>
Subject Re: Common security pattern?
Date Sun, 03 Jan 2010 23:21:51 GMT
On Sun, Jan 03, 2010 at 01:18:26PM -0800, Chris Anderson wrote:
> On Sun, Jan 3, 2010 at 1:10 PM, Nathan Stott <nrstott@gmail.com> wrote:
> > If a user can access a document via Futon, he can access via the CouchDB API
> > if he knows what he's doing.  The data is exposed one way or the other if
> > you store it in documents that users can access.  There is no key-level
> > protection on a document that I am aware of.  Correct me if I'm wrong,
> > someone.
> >
> 
> There is key-level write protection. There is not key-level read
> protection, and there are no plans to add it.
> 
> Per document read-control turns out to be extremely non-trivial (think
> about information leakage via reduce, etc) such that Lotus Notes never
> even got it right.

Out of interest, is there some documentation available on the subject (maybe a
CouchDB or Lotus Notes dev's blog post)? Also, I assume that this leakage would
only happen locally and isn't exposed to remote users?

Thanks,

-- 
Sam Bisbee
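
An added illustration, not part of the original thread, of the "information leakage via reduce" point quoted above. It is a plain JavaScript model rather than CouchDB code; the sample documents, the `canRead` rule and all function names are assumptions made for the example.

```javascript
// Constructed sample documents; "owner" decides who may read each one.
const docs = [
  { _id: "s1", type: "salary", dept: "eng", owner: "alice", amount: 120 },
  { _id: "s2", type: "salary", dept: "eng", owner: "bob", amount: 95 },
  { _id: "s3", type: "salary", dept: "ops", owner: "carol", amount: 80 },
];

// Hypothetical per-document read rule: users read only their own docs.
const canRead = (user, doc) => doc.owner === user;

// Document fetch with the read rule enforced.
function readDoc(user, id) {
  const doc = docs.find((d) => d._id === id);
  return doc && canRead(user, doc) ? doc : null;
}

// Map/reduce in the CouchDB style: map emits [key, value], reduce sums.
const map = (doc) => (doc.type === "salary" ? [[doc.dept, doc.amount]] : []);
const sum = (values) => values.reduce((a, b) => a + b, 0);

// Grouped reduce over a set of docs, returning { key: reducedValue }.
function groupReduce(input) {
  const groups = {};
  for (const doc of input) {
    for (const [k, v] of map(doc)) (groups[k] = groups[k] || []).push(v);
  }
  return Object.fromEntries(
    Object.entries(groups).map(([k, vs]) => [k, sum(vs)])
  );
}

// Shared index: one reduce over every doc, served to every reader.
const sharedView = () => groupReduce(docs);

// Reader-scoped index: reduce only over docs this user may read.
const scopedView = (user) => groupReduce(docs.filter((d) => canRead(user, d)));

// What the shared aggregate carries beyond the reader's own docs.
function residual(user, key) {
  return sharedView()[key] - (scopedView(user)[key] || 0);
}

console.log(readDoc("alice", "s2"));   // direct read is refused
console.log(sharedView());             // aggregate over all docs
console.log(residual("alice", "eng")); // value from a doc alice cannot read
console.log(scopedView("alice"));      // aggregate over readable docs only
```

In this model the only view that carries nothing extra is the one recomputed per reader, so a single shared reduce index cannot serve readers with different permissions.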
