couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Matteis <>
Subject Re: Request object in validate_doc_update
Date Mon, 28 May 2012 21:26:09 GMT
Yes, I already use update handlers for the voting, but as you said,
someone could easily bypass it by directly updating the document.

I mean, validate_doc_update's already contain logic that restrict
certain actions based on the userCtx (which is some information
contained in the request), so why not give the IP address of the
request as well? This would allow the creation of even more powerful

On Mon, May 28, 2012 at 5:46 PM, Robert Newson <> wrote:
> You can achieve this with an update handler
> ( but it could
> be bypassed by a savvy user. I don't see why a validate_doc_update
> function couldn't enforce this it if had access to the req object. I'm
> +1.
> B.
> On 28 May 2012 16:06, Luca Matteis <> wrote:
>> Sure. For example I'm allowing my users to vote on certain "items" in
>> my database. This will allow me to understand the amount of
>> satisfaction of these items. I can easily validate and make sure each
>> user is commenting only once, however, someone might simply create a
>> new account and re-vote for that item. This defeats the purpose of the
>> voting system.
>> My solution would be to check based on the IP of the voter, no matter
>> what user they're logged in with.
>> Does this make sense? Thanks.
>> On Mon, May 28, 2012 at 3:50 PM, Robert Newson <> wrote:
>>> I fear I've derailed this thread, so let's shelve the admin@
>>> idea for another time and thread.
>>> To address the original question;
>>> "I have a scenario where I'm building a CouchApp that needs to deny
>>> certain behavior from happening based on the user's IP address.
>>> Would it be good to consider this as a new feature to be implemented?"
>>> Being able to build richer applications within the 2-tier couchapp
>>> model is a project goal so I'm generally for the proposal to expose
>>> the req object in VDU (since you can access it in show and list and it
>>> seems to break nothing). I suspect the full feature set required for
>>> your application to not require a proxy or firewall has not been
>>> spelled out in detail and, I further suspect, some of it will be
>>> better done with a firewall.
>>> Could you expand on the 'certain behavior' that should be restricted
>>> based on IP? A few examples would help.
>>> B.
>>> On 28 May 2012 14:38, Simon Metson <> wrote:
>>>> Hi,
>>>> On Monday, 28 May 2012 at 14:12, Robert Newson wrote:
>>>>> The other proposal might be to allow the granting of
>>>>> rights by IP address, much as MySQL does. In fact, I believe this idea
>>>>> is part of the Summit proposal to enhance our security model. I should
>>>>> be able to grant _admin rights to a user if and only if they come from
>>>>>, for example.
>>>> We wrote something like this for our deployment at CERN. I thought it had
been contributed back to the trunk, but maybe it got lost along the way. I'll see if I can
find out the status of it.
>>>> Cheers
>>>> Simon

View raw message