couchdb-user mailing list archives

From Nathan Stott <nrst...@gmail.com>
Subject Re: Common security pattern?
Date Sun, 03 Jan 2010 21:10:34 GMT
If a user can access a document via Futon, he can access it via the CouchDB API
if he knows what he's doing.  The data is exposed one way or the other if
you store it in documents that users can access.  There is no key-level
protection on a document that I am aware of.  Correct me if I'm wrong,
someone.

On Sun, Jan 3, 2010 at 2:07 PM, Sam Bisbee <sbisbee@computervip.com> wrote:

> On Sun, Jan 03, 2010 at 11:40:32AM -0800, Chris Anderson wrote:
> > I'd avoid thinking that hiding Futon provides security. Ideally users
> > would be able to get into the data via Futon if they choose. If you
> > structure your validation functions properly, this should be
> > completely secure (more secure than an http-proxy based authorization
> > model).
>
> This strikes me as an odd and interesting proposition (read: the good
> kind).
>
> I can think of plenty of cases where I don't want users to see all the data
> that I have related to them: ex., hashed/crypted passwords, analytics, various
> types of scores/weights, my profit margin on their purchases, etc. Allowing
> users to inspect documents about themselves through Futon would allow them to
> see all those goodies.
>
> Also, I have always been of the mind that even if something doesn't inherently
> cause a security flaw, that you shouldn't give it to your users if you don't
> need to (users are too good at breaking things in ways that you don't expect,
> especially the malicious ones).
>
> Not that I'm not a fan of open APIs (actually, I'm a huge fan), but even those
> enforce validation/rules.
>
> Or were you discussing a specific use case?
>
> Cheers,
>
> --
> Sam Bisbee
>
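
The kind of validation function discussed in this thread, as an added example that is not part of any message here or of CouchDB's own code: a `validate_doc_update` design-document function with a small harness run over constructed documents. The field names `owner`, `score` and `margin`, the sample users and the `tryWrite` helper are assumptions made for illustration. CouchDB calls `validate_doc_update` only on writes, so every field of a stored document stays readable by anyone who can fetch it.

```javascript
// Added example. Field names and sample data are constructed for illustration.
const PROTECTED = ["score", "margin"]; // hypothetical server-owned fields

// Same signature CouchDB uses for validate_doc_update in a design document.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  if (userCtx.roles.indexOf("_admin") !== -1) return; // admins may write anything
  if (!userCtx.name) throw { unauthorized: "login required" };

  // Ownership is taken from the stored revision when one exists.
  const owner = oldDoc ? oldDoc.owner : newDoc.owner;
  if (owner !== userCtx.name) throw { forbidden: "not your document" };
  if (newDoc._deleted) return; // owner may delete their own document
  if (newDoc.owner !== owner) throw { forbidden: "owner is immutable" };

  // Ordinary users may neither set nor change server-owned fields.
  for (const f of PROTECTED) {
    const before = oldDoc ? oldDoc[f] : undefined;
    if (JSON.stringify(newDoc[f]) !== JSON.stringify(before)) {
      throw { forbidden: f + " is server-owned" };
    }
  }
}

// Harness: returns "ok" or the rejection reason CouchDB would report.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    return e.forbidden || e.unauthorized;
  }
}

// Constructed sample data.
const stored = { _id: "profile-alice", owner: "alice",
                 email: "a@example.com", score: 0.82, margin: 0.31 };
const alice = { name: "alice", roles: [] };
const bob   = { name: "bob", roles: [] };
const anon  = { name: null, roles: [] };
const admin = { name: "root", roles: ["_admin"] };
const edit = (changes) => Object.assign({}, stored, changes);

console.log(tryWrite(edit({ email: "new@example.com" }), stored, alice));
console.log(tryWrite(edit({ score: 1.0 }), stored, alice));
console.log(tryWrite(edit({ email: "x@example.com" }), stored, bob));
console.log(tryWrite(edit({ email: "x@example.com" }), stored, anon));
console.log(tryWrite(edit({ margin: 0.5 }), stored, admin));
```

Nothing in this function hides `score` or `margin` from the document's owner on a read; data that must stay hidden has to live in documents the user cannot fetch.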
