couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nebu Pookins <nebupook...@gmail.com>
Subject Re: Question about validator functions and replication
Date Mon, 28 Mar 2011 15:30:35 GMT
On Fri, Mar 25, 2011 at 6:53 PM, Kamyar Navidan <kamyar.n@gmail.com> wrote:
> You may find this library useful if you want to go with solution 2:
>
> https://github.com/maxogden/ezcrypto-js

Thanks Kamyar,

The GitHub project's "about" section mentions "WARNING: JavaScript
crytography is still more or less the wild west. See this article for
a pretty decent explanation of what you are getting yourself into. Use
at your own risk.", and so I spent most of the article reading the
aforementioned "this article", as well as other articles on that site.
I think I've come to agree with the author in that trying to implement
a cryptographically secure application in pure JavaScript has got me
pretty nervous. He lists many additional issues that a JavaScript
based solution would have to solve that native apps would not need to
solve (http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/).
What I'm wondering now is if perhaps it might be worth the effort to
use the native labs, invoked by CouchDB via an Erlang-native bridge
API, and then exposing this API to the JavaScript functions embedded
in the views, so that we can rely tried-and-tested open source
cryptographic libraries reviewed and audited by professional
cryptographers.

Do you think there would be any interest from the CouchDB committer
community in pursuing this? It'll be a while before I can participate
in this, as I don't know any Erlang yet.

- Nebu

Mime
View raw message