From: Robert Newson
To: user@couchdb.apache.org
Date: Mon, 11 Jul 2011 22:48:37 +0100
Subject: Re: no 'writers' section in _security killing me

how would one replicate these write-only dropboxes?

B.

On 11 July 2011 22:13, Andrew Stuart (SuperCoders) wrote:
> I've followed this thread but it's still somewhat unclear -
>
> -- is "write only" database access built in/easy to do, or must it be
> enabled via some special external logic imposed at the application layer?
>
> as
>
> On 12/07/2011, at 6:39 AM, Jonathan Geddes wrote:
>
> One more possible solution: Could I use the rewriter to make sure that
> only POST and PUT go through to a given database? How secure is this
> approach?
>
> --Jonathan
>
> On Mon, Jul 11, 2011 at 8:45 AM, Jonathan Geddes wrote:
>
>> Thanks for the responses, everyone.
>>
>> So I've been using CouchDB for about a year, but I'm only now getting into
>> the "2.1 Layer Architecture" (cutting back from a 3+ layer).
>>
>> Apparently I've been using readers and admins wrong all along. I thought
>> that only admins could write documents. After all, why would I think that
>> 'readers' could write? I've been a victim of the misnomer!
>>
>> I still think that the dropbox feature would be immensely useful, and I
>> still might take a whack at implementing it.
>>
>> Thanks for the clarification,
>>
>> --Jonathan
>>
>>
>> On Mon, Jul 11, 2011 at 1:17 AM, Jason Smith wrote:
>>
>>> On Mon, Jul 11, 2011 at 12:17 PM, Jonathan Geddes wrote:
>>>>>
>>>>> Fortunately, users with write access are not admins. They may not
>>>>> modify design documents. All of their changes are subject to design
>>>>> documents' validate_doc_update() function.
>>>>
>>>> I would be *overjoyed* to hear that you are right and the documentation
>>>> at [0] is wrong:
>>>>>
>>>>> database admins - Defined per database. They have all the privileges
>>>>> readers have plus the privileges: write (and edit) design documents,
>>>>> add/remove database admins and readers, set the database revisions limit
>>>>> (/somedb/_revs_limit API) and execute temporary views against the
>>>>> database (/somedb/_temp_view API). They can not create a database and
>>>>> neither delete a database.
>>>
>>> D'oh, Marcello posted a pithy and timely answer while I had lunch.
>>> I'll send anyway.
>>>
>>> The typical setup is:
>>>
>>> * 1 server admin
>>> * 0 or more database admins (name or roles in _security.admins)
>>> * An admin deploys a design document
>>> * Several normal users (name or roles in _security.readers but *not*
>>>   admins)
>>>
>>> "readers" is a misnomer. It really means "members." Read access is
>>> database-wide, write access is at the pleasure of
>>> validate_doc_update().
>>>
>>> To that end, Chris changed CouchDB so that future releases will use
>>> the "members" field. He committed his change last Thanksgiving
>>> weekend. Thanks, Chris!
>>>
>>>> I'm gonna set up a little experiment in the morning (when I can think
>>>> clearly) to find out for myself. The _revs_limit API and temporary views
>>>> are scary too.
>>>
>>> I strongly encourage an experiment. 15 or 20 minutes of poking around
>>> will make things very clear.
>>>
>>> Cloudant has a brilliant UI to impose more intuitive and traditional
>>> security policies for exactly this reason.
>>>
>>>>> I call it a 2.5-layer architecture
>>>>> because there is no middleware, but it still requires a third
>>>>> component, to watch over things. The drop box would be amazing;
>>>>> however I am still happy with my architecture because bugs or crashes
>>>>> in the third component are not so devastating to the user experience.
>>>>
>>>> The great thing about this architecture is that you can easily have
>>>> CouchDB monitor the third party stuff and keep it running with external
>>>> OS processes [1]. I like the term '2.5-layer' :D.
>>>
>>> Is it too late to change the name to "2.1-layer"?
>>>
>>> * Hints that the extra step is not going to break your back
>>> * Kind of like 5.1 surround sound
>>>
>>>> By the way, why hasn't this been implemented before? It seems strange to
>>>> me. Is there something inherent in the architecture of CouchDB that makes
>>>> this difficult?
>>>
>>> I think it is a matter of time. The people in a position to implement
>>> it have not felt quite enough pressure.
>>>
>>> /me whistles innocently.
>>>
>>> --
>>> Iris Couch
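
An added illustration of the write-control model described in the quoted thread (not code from any participant or from the CouchDB project): a validate_doc_update function that lets non-admin members create documents but never change or delete them. The policy, the "author" field and the sample users are assumptions; since read access is database-wide, as the thread notes, this constrains writes only and does not make a write-only dropbox.

```javascript
// Added example. Policy and the "author" field are assumptions, not from the thread.
// In CouchDB this function is stored (as a string) in a design document's
// validate_doc_update field and runs on every write to the database.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  var admins = (secObj && secObj.admins) || {};
  var isAdmin =
    userCtx.roles.indexOf("_admin") !== -1 ||             // server admin
    (admins.names || []).indexOf(userCtx.name) !== -1 ||  // database admin by name
    (admins.roles || []).some(function (role) {           // database admin by role
      return userCtx.roles.indexOf(role) !== -1;
    });
  if (isAdmin) { return; }

  if (!userCtx.name) {
    throw { unauthorized: "You must be logged in to write." };
  }
  if (oldDoc) {
    // Covers both updates and deletions of documents that already exist.
    throw { forbidden: "Existing documents cannot be changed or deleted." };
  }
  if (newDoc._deleted) {
    throw { forbidden: "Non-admins cannot write deletion stubs." };
  }
  if (newDoc.author !== userCtx.name) {
    throw { forbidden: "The author field must match your user name." };
  }
}

// Local harness (not part of CouchDB): report how a write would be answered.
function decision(newDoc, oldDoc, userCtx, secObj) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx, secObj);
    return "accepted";
  } catch (e) {
    return e.unauthorized ? "unauthorized" : "forbidden";
  }
}

// Constructed sample data: a _security object and three user contexts.
var sec = { admins: { names: ["dba"], roles: ["ops"] },
            readers: { names: ["alice"], roles: [] } };
var alice = { name: "alice", roles: [] };
var anon = { name: null, roles: [] };
var dba = { name: "dba", roles: [] };
var existing = { _id: "a", author: "alice" };

console.log(decision({ _id: "a", author: "alice" }, null, alice, sec));
console.log(decision({ _id: "a", author: "alice", n: 1 }, existing, alice, sec));
console.log(decision({ _id: "a", _deleted: true }, existing, dba, sec));
```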