couchdb-user mailing list archives

From Eduardo Scoz <eduardos...@gmail.com>
Subject Re: App layer on top of replication
Date Thu, 06 Sep 2012 21:29:52 GMT
On Thu, Sep 6, 2012 at 4:04 PM, Dave Cottlehuber <dch@jsonified.com> wrote:

> On 6 September 2012 22:41, Eduardo Scoz <eduardoscoz@gmail.com> wrote:
> > Hi guys,
> >
> > Is there any way to put an app server between two CouchDB instances to
> > manage security during replication?
> >
> > I'm working on a mobile app using TouchDB (iOS and Android), and I'm
> > replicating the data back to the server using the normal CouchDB
> > replication. In my use case, user creates new documents locally on the
> > device, and syncs the DB with the host to push changes and get new
> > documents. Filtered replication works well for getting only important docs
> > and validate_doc_update is enough to prevent unauthorized writes, but that
> > still leaves the database open for anybody with an ID to read other users'
> > docs.
> >
> > My idea is to put CouchDB behind something like Nginx or NodeJS that would
> > intercept direct calls to the database, but still let replication work (as
> > described above). all_docs replication would also have to be disabled, I
> > guess.
> >
> > Has anyone done anything like this? Any pointers on how one would make it?
> >
> > Thanks!
> >
> > Eduardo
>
> Hi Eduardo,
>
> Security is enforced at the DB level in CouchDB. Does your app architecture
> allow this?
>
> Fundamentally, the replicator is a clever, optimised HTTP client, so
> blocking all except the replicator will be very difficult, if not
> impossible.
>
> Any other ideas out there?
>
> A+
> Dave
>

My problem with the way couch implements security is that there's no
per-doc read validation, only on writes. A user either has full read
access, or no access at all (please correct me if I'm wrong).

A proposed solution by the Couchbase guys is to have multiple databases,
one for each user, and then use replication to share the data, but this
seems unmanageable to me once you get thousands of users syncing docs
around.

The replicator also uses GETs on the documents to get their revisions,
though, no? I know it doesn't do it for new documents, but the filtered
replication would not cause that situation, I guess.

Thanks Dave!
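
The proxy idea discussed in this thread, sketched as an added example that is not part of the original messages: a policy function a Node.js reverse proxy could call before forwarding a request to CouchDB. Because the replicator is indistinguishable from any other HTTP client, the policy restricts what every client may ask for. The database name, the filter name `sync/by_owner`, its `owner` query parameter and the `<owner>:<suffix>` document ID convention are all assumptions made for the illustration.

```javascript
// Added illustration, not code from the thread. Assumed names: DB, FILTER,
// the "owner" filter parameter, and document IDs shaped "<owner>:<suffix>".
const DB = "appdb";
const FILTER = "sync/by_owner"; // "<design doc>/<filter function>"

// Replication endpoints forwarded without an ownership check; writes through
// _bulk_docs are still subject to validate_doc_update on the CouchDB side.
const REPLICATION_POSTS = new Set(["_revs_diff", "_bulk_docs", "_ensure_full_commit"]);

const verdict = (allow, rule) => ({ allow, rule });

// Decide whether the proxy forwards a request made by authenticated `user`.
function authorize(user, method, rawUrl) {
  const url = new URL(rawUrl, "http://proxy.invalid");
  let parts;
  try {
    parts = url.pathname.split("/").filter(Boolean).map(decodeURIComponent);
  } catch (e) {
    return verdict(false, "malformed path encoding");
  }
  if (parts[0] !== DB) return verdict(false, "outside the synced database");
  const [head, ...tail] = parts.slice(1);
  if (head === undefined) {
    return verdict(method === "GET" || method === "HEAD", "database info");
  }
  if (head === "_changes") {
    // Reject repeated parameters so proxy and CouchDB cannot disagree on the value.
    const one = (k) => {
      const v = url.searchParams.getAll(k);
      return v.length === 1 ? v[0] : null;
    };
    const ok = method === "GET" && one("filter") === FILTER && one("owner") === user;
    return verdict(ok, "changes feed must use the owner filter");
  }
  if (head === "_local") {
    return verdict(tail.length === 1 && (method === "GET" || method === "PUT"), "checkpoint");
  }
  if (head.startsWith("_")) {
    // Covers _all_docs, _design/*, _view, _security and anything else special.
    return verdict(method === "POST" && tail.length === 0 && REPLICATION_POSTS.has(head),
      "special endpoint");
  }
  // Ordinary document (or its attachment): only the owner's ID prefix passes.
  return verdict(head.startsWith(user + ":"), "document ownership");
}
```

`_revs_diff` is forwarded unchecked here, so a client can still learn whether revisions it names exist; a stricter proxy would also inspect that request body.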
