couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: PUT on _update/docid1 but create a new document with _id:docid2?
Date Fri, 19 Nov 2010 22:55:49 GMT

On 19 Nov 2010, at 23:48, Stefan Klein wrote:

> Hi Jan,
> 
> Am 19.11.2010 13:54, schrieb Jan Lehnardt:
>> Hi Stefan,
>> 
>> On 19 Nov 2010, at 11:55, Stefan Klein wrote:
>> 
>>> Hi List,
>>> 
>>> [ ... snip ...]
>>> Now i'm pretty unsure if this is an evil hack or even a bug in couchdb
>>> which get's fixed or if it's just a relay cool feature.
>> Looks like it is working as advertised :) — Beware though that if you allow
>> anyone to write to your database, people could run some arbitrary JavaScript
>> code. Worst that could happen though is making infinite loops that CouchDB
>> kills after 5 seconds and then make many of them concurrently, i.e. a
>> classical DoS situation.
>> 
>> If it's only you that talks to the database, this looks like a neat hack :)
>> 
>> Cheers
>> Jan
> Which can be handled by the validate function, only users with a specific role may create/update
documents of a special type.
> Thank you!

Actually, the validation function runs after the update function.

Cheers
Jan
-- 


Mime
View raw message