couchdb-user mailing list archives

From J Chris Anderson
Subject Re: Server Side Language Confusion
Date Wed, 10 Mar 2010 18:25:24 GMT

On Mar 10, 2010, at 10:09 AM, Justin Stanczak wrote:

> On Wed, Mar 10, 2010 at 12:51 PM, J Chris Anderson wrote:
>> The soon to be released CouchDB 0.11 actually has a robust authorization
>> and authentication system built-in. Read-access control is on a per-database
>> basis, so you may end up using a database-per-user programming model.
>> CouchDB has been tested with millions of databases on a single server, no
>> problem, so this model is practical and supported.
>> If I were going to use a middle tier layer I'd use Node.js. Generally
>> though a middle tier will just introduce scaling difficulties and muddy the
>> waters around security. Node.js (or other languages) still makes a lot of
>> sense for backend asynchronous processing, of course.
> Node.js? This? I have not used this before. I'll look into it. Are you
> saying proxy a server, or use this server side?
>> If you are interested in pure-CouchDB applications take a look at the
>> CouchApp project [1] or see my blog (itself a pure CouchApp) for posts
>> relating to the idea. [2]
> Yes I used this. I've created a few example apps following along with the
> book. I understand the idea, but I'm having trouble wrapping my mind around
> opening the database to the world accessing my pages from it. Right there
> with all the data. You're saying the 0.11 will cure all those concerns? I'm
> sure I'm not the first or last to say that.

No, it won't cure all the concerns. There are absolutely apps that will benefit from a server
side component for additional business logic and security. For those you should use whatever
you are comfortable with, but recognize that non-blocking IO models are a better fit for CouchDB's

However, my gamble is that many more apps than people realize are amenable to a pure-Couch
approach. If you aren't up for experimenting and want to stay in familiar territory, it's probably
better to use an app layer. But if you have specific concerns about the security model and
how it applies to your use case, asking questions here is a good start.

