couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Cohnen <sebastiancoh...@googlemail.com>
Subject Re: hidden fields in a document
Date Mon, 21 Jun 2010 07:41:34 GMT
what about adding a proxy and deny unauthorized access to restricted urls?

On 21.06.2010, at 09:15, Manokaran K wrote:

> On Mon, Jun 21, 2010 at 2:54 AM, Randall Leeds <randall.leeds@gmail.com>wrote:
> 
>> I suspect you could achieve what you're looking for with a rewrite
>> handler[1] and a show function[2] that rewrites "/db/mydoc" to
>> "/db/_design/safe/_show/document/mydoc".
>> 
>> 
> But rewrites cannot be relied upon as a security measure. A user can bypass
> it by requesting the view URL itself and be able to see the raw doc!
> 
> regds,
> mano


Mime
View raw message