couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Davis <paul.joseph.da...@gmail.com>
Subject Re: Request object in validate_doc_update
Date Mon, 28 May 2012 21:52:36 GMT
This would be nice but not every replication request happens through
the HTTP layer. Local replications have no notion of a request so I'm
not sure what you'd put in there.

On Mon, May 28, 2012 at 4:26 PM, Luca Matteis <lmatteis@gmail.com> wrote:
> Yes, I already use update handlers for the voting, but as you said,
> someone could easily bypass it by directly updating the document.
>
> I mean, validate_doc_update's already contain logic that restrict
> certain actions based on the userCtx (which is some information
> contained in the request), so why not give the IP address of the
> request as well? This would allow the creation of even more powerful
> Couchapps.
>
> On Mon, May 28, 2012 at 5:46 PM, Robert Newson <rnewson@apache.org> wrote:
>> You can achieve this with an update handler
>> (http://wiki.apache.org/couchdb/Document_Update_Handlers) but it could
>> be bypassed by a savvy user. I don't see why a validate_doc_update
>> function couldn't enforce this it if had access to the req object. I'm
>> +1.
>>
>> B.
>>
>> On 28 May 2012 16:06, Luca Matteis <lmatteis@gmail.com> wrote:
>>> Sure. For example I'm allowing my users to vote on certain "items" in
>>> my database. This will allow me to understand the amount of
>>> satisfaction of these items. I can easily validate and make sure each
>>> user is commenting only once, however, someone might simply create a
>>> new account and re-vote for that item. This defeats the purpose of the
>>> voting system.
>>> My solution would be to check based on the IP of the voter, no matter
>>> what user they're logged in with.
>>>
>>> Does this make sense? Thanks.
>>>
>>> On Mon, May 28, 2012 at 3:50 PM, Robert Newson <rnewson@apache.org> wrote:
>>>> I fear I've derailed this thread, so let's shelve the admin@127.0.0.1
>>>> idea for another time and thread.
>>>>
>>>> To address the original question;
>>>>
>>>> "I have a scenario where I'm building a CouchApp that needs to deny
>>>> certain behavior from happening based on the user's IP address.
>>>> Would it be good to consider this as a new feature to be implemented?"
>>>>
>>>> Being able to build richer applications within the 2-tier couchapp
>>>> model is a project goal so I'm generally for the proposal to expose
>>>> the req object in VDU (since you can access it in show and list and it
>>>> seems to break nothing). I suspect the full feature set required for
>>>> your application to not require a proxy or firewall has not been
>>>> spelled out in detail and, I further suspect, some of it will be
>>>> better done with a firewall.
>>>>
>>>> Could you expand on the 'certain behavior' that should be restricted
>>>> based on IP? A few examples would help.
>>>>
>>>> B.
>>>>
>>>> On 28 May 2012 14:38, Simon Metson <simon@cloudant.com> wrote:
>>>>> Hi,
>>>>>
>>>>>
>>>>> On Monday, 28 May 2012 at 14:12, Robert Newson wrote:
>>>>>
>>>>>> The other proposal might be to allow the granting of
>>>>>> rights by IP address, much as MySQL does. In fact, I believe this
idea
>>>>>> is part of the Summit proposal to enhance our security model. I should
>>>>>> be able to grant _admin rights to a user if and only if they come
from
>>>>>> 127.0.0.1, for example.
>>>>>
>>>>> We wrote something like this for our deployment at CERN. I thought it
had been contributed back to the trunk, but maybe it got lost along the way. I'll see if I
can find out the status of it.
>>>>> Cheers
>>>>> Simon

Mime
View raw message