couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manokaran K <manoka...@gmail.com>
Subject Re: hidden fields in a document
Date Mon, 21 Jun 2010 07:15:36 GMT
On Mon, Jun 21, 2010 at 2:54 AM, Randall Leeds <randall.leeds@gmail.com>wrote:

> I suspect you could achieve what you're looking for with a rewrite
> handler[1] and a show function[2] that rewrites "/db/mydoc" to
> "/db/_design/safe/_show/document/mydoc".
>
>
But rewrites cannot be relied upon as a security measure. A user can bypass
it by requesting the view URL itself and be able to see the raw doc!

regds,
mano

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message