couchdb-user mailing list archives

From "Reynaud, Claire" <Claire.Reyn...@epyx.ch>
Subject Mobile replication when there is read access control per document on the server side
Date Thu, 06 Oct 2011 07:23:11 GMT
Hi,

We are investigating the viability of replication with Android and iOS
Couchbase when there is read access control per document on the server
side.

Right now we have implemented an Android application that replicates a
server CouchDB database to the mobile and it works pretty well.

Problem is that now we want to add read access control on the server
side, but we don't know what the best alternative is to still be able
to replicate on the mobile devices.

Here is what we found so far on this subject:
http://wiki.apache.org/couchdb/PerDocumentAuthorization. Also
http://stackoverflow.com/questions/4730621/couchdb-prevent-unauthorized-reads.

The 2 solutions we are investigating so far are:
1) adding a tier above couchdb on the server side that is some kind of
json firewall, to filter out json documents that the user cannot read.
2) create one database per user on the server side, as couchdb read
access control is per database.
In both cases we would add some ACL on each document to know which
user/group can read it.

Problem with 1) is it is quite difficult to correctly filter all the
requests that the mobile replicator will send to the server.

With 2) we have some public documents that all users can read, plus
some documents owned by each user. So we will have to put filtered
replication between all the user databases in addition to the usual
site-to-site replication. So we wonder how this scales.

Any advice on which solution to go for? Did anyone successfully put in
place mobile replication with document read access control on the
server side?

Thanks,
Claire
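
The filtered replication into per-user databases described in option 2, as an added example that is not part of the original message: a CouchDB filter function driven by a per-document ACL. The `acl` field layout, the `user` and `groups` query parameters and the helper names are assumptions, and the documents are constructed.

```javascript
// Added example. The `acl` field ({public, users, groups}) is a hypothetical
// document layout; the message only says "some ACL on each document".

// Replication filter in CouchDB's function(doc, req) form. It would live in a
// design document and be named in the replication's "filter" field, with
// user and groups supplied through "query_params" by the server, not the client.
function aclFilter(doc, req) {
  if (doc._id.indexOf('_design/') === 0) return false; // never ship design docs
  if (doc._deleted) return true; // tombstones carry no acl; let deletions through
  var acl = doc.acl;
  if (!acl) return false; // fail closed: no ACL means not readable
  if (acl.public === true) return true;
  var user = req.query.user;
  var groups = (req.query.groups || '').split(',').filter(Boolean);
  if ((acl.users || []).indexOf(user) !== -1) return true;
  return groups.some(function (g) { return (acl.groups || []).indexOf(g) !== -1; });
}

// Ids of the documents one user's database should receive.
function selectFor(docs, user, groups) {
  var req = { query: { user: user, groups: groups.join(',') } };
  return docs.filter(function (d) { return aclFilter(d, req); })
             .map(function (d) { return d._id; });
}

// A filter only stops new revisions from being copied. A document whose ACL
// no longer names the user stays in that user's database until removed.
function staleIn(userDbIds, docs, user, groups) {
  var allowed = selectFor(docs, user, groups);
  return userDbIds.filter(function (id) { return allowed.indexOf(id) === -1; });
}

// Constructed sample data.
var sampleDocs = [
  { _id: 'news-1', acl: { public: true } },
  { _id: 'note-alice', acl: { users: ['alice'] } },
  { _id: 'note-bob', acl: { users: ['bob'] } },
  { _id: 'plan-sales', acl: { groups: ['sales'] } },
  { _id: 'old-1', _deleted: true },
  { _id: 'no-acl' },
  { _id: '_design/app', acl: { public: true } }
];

console.log(selectFor(sampleDocs, 'alice', ['sales']));
```

Passing every tombstone tells each user database the ids of all deleted documents; deleting by writing a revision that keeps `acl` alongside `_deleted: true` lets the filter apply the ACL to deletions as well. The filter selects what is copied and does not restrict reads on the source database, so the source still needs its own database-level access control.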
