couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Charette <ioma...@yahoo.com>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Thu, 07 Mar 2013 17:38:17 GMT
I use pure couchapps backed by node processes for transactions.
I use kanso to manage my couchapps.  May switch to just grunt and manage packages on npm.

For security everything goes through rewrites then design doc shows, lists, updates.  This
messes up my ability to upload attachments since I need secure_rewrites.  I am currently working
through the database per user setup as well.

Also would love to hear how people are using externals.  I am passing transactions request
directly to externals then to node, but have only been able to do GET request.  Finally, I
set the state of a document on couch when the node process is complete.  I do have a question
of how people are authenticating back to couchdb.  Is the AuthSession cookie enough?

Jeff Charette | Principal 
We Are Charette
web / identity / packaging

m  415.298.2707
w  wearecharette.com
e   jeffrey@wearecharette.com

On Mar 7, 2013, at 10:57 AM, svilen <az@svilendobrev.com> wrote:

> probably, for going this way, one might use non-blocking
> long_poll webframework like python/Tornado to wrap couchdb
> replication/changes feed too. Thus something like
> http:(someuserauth)//appserver/mychannel can route to couchdb's
> changes for that database - or even aggregation - for that user even
> if notion of user is not at all couchdb's one.
> haven't tried it though.
> 
> On Fri, 8 Mar 2013 00:47:38 +0900
> TAE JIN KIM <snowebang@hotmail.com> wrote:
> 
>> Daniel,
>> 
>> So basically, what you r saying is that you put application layer in
>> front of couch, so user no direct access to the couch.. Right?..I
>> think you did pretty much similar thing #2 in my original post...
>> BTW, just out of curiosity,  by doing this, any performance
>> degradation / or any trouble stuff you may have to face with
>> something you might had not expected at all ?...
>> 
>> Thanks,
>> 
>>> From: gonvaled@gonvaled.com
>>> Date: Thu, 7 Mar 2013 16:37:36 +0100
>>> Subject: Re: Curiosity how you use CouchDB in your web env.
>>> To: user@couchdb.apache.org
>>> 
>>> Well, if things were always so easy!
>>> 
>>> We have this scenario: our webapp has to server data to different
>>> organizations (hopefully thousands, if our product sells well).
>>> That means we can not partition data in different databases: it
>>> would be a maintenance nightmare. can somebody tell me how to:
>>> 
>>>   - upgrade the design docs in 1000 databases without going crazy?
>>>   - How to backup them?
>>>   - ...
>>> 
>>> I mean, the more databases you have, the more complicated
>>> maintenance becomes. Maybe that can be automated, but it is not
>>> easy out of the box.
>>> 
>>> Besides, I do not want to implement the following:
>>> 
>>>   - new organization signs-up
>>>   - we create a new database for it
>>>   - we upload the design documens
>>>   - we trigger those documents
>>> 
>>> I mean, it is probably doable, but I am not walking that path right
>>> now. So, the only way that I know of in which we can partition the
>>> data is by having an application server in front of couch: a single
>>> database for all customers, with access control implemented via
>>> view filtering with the org_id as key. The user has no direct
>>> access to couch.
>>> 
>>> On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson <rnewson@apache.org>
>>> wrote:
>>> 
>>>> Don't grant users access to databases you don't want them to
>>>> read. :)
>>>> 
>>>> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>>>> 
>>>> B.
>>>> 
>>>> On 6 March 2013 12:33, Mark Hahn <mark@hahnca.com> wrote:
>>>>> Anyone logged in can read any document in the DB.  I have to
>>>>> check each user and what they are trying to do to block illegal
>>>>> actions.
>>>>> 
>>>>> 
>>>>> On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson
>>>>> <rnewson@apache.org>
>>>> wrote:
>>>>> 
>>>>>> "How does everyone solve the security issue?"
>>>>>> 
>>>>>> What security problem? Only administrators can modify design
>>>>>> documents.
>>>>>> 
>>>>>> B.
>>>>>> 
>>>>>> On 6 March 2013 11:38, Aurélien Bénel <aurelien.benel@utt.fr>
>>>>>> wrote:
>>>>>>> Hi,
>>>>>>> 
>>>>>>>> just out of curiosity, would like to hear how CouchDB is
>>>>>>>> being used
>>>> in
>>>>>> your web environment....
>>>>>>> 
>>>>>>> We have two main setups:
>>>>>>> - CouchApps,
>>>>>>> - REST APIs used by heavy clients (Java or Firefox
>>>>>>> extensions) and
>>>>>> attached Web applications.
>>>>>>> 
>>>>>>>> How does everyone solve the security issue?
>>>>>>> 
>>>>>>> We always use CouchDB behind a reverse proxy to add LDAP
>>>> authentication
>>>>>> and authorization when needed.
>>>>>>> 
>>>>>>> 
>>>>>>> Regards,
>>>>>>> 
>>>>>>> Aurélien
>>>>>> 
>>>> 
>> 		 	   		  


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message