couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nebu Pookins <>
Subject Re: Question about validator functions and replication
Date Tue, 29 Mar 2011 13:19:53 GMT
On Tue, Mar 29, 2011 at 8:54 AM, Robert Newson <> wrote:
> You can get read access control by separating each users documents
> into a separate database.

This solution gets tricky if there are "shared" documents, though.
You'd basically need one database for each possible grouping of users.
I.e. with N users, you'd need 2^N databases.

> I'm curious to know where you store the encryption keys such that no
> user can access the key of another user. Whatever you did to solve
> that would seem to be sufficient to prevent the access you were
> concerned about in the first place. Presumably there's also a
> different key per user?

You basically need to use public key encryption. Each user has their
private key which they keep secret, and the public keys are accessible
to everyone and probably stored in the DB itself (so that the DB
software can also generate documents encrypted towards specific sets
of users).

- Nebu

View raw message