couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Gonzalez <gonva...@gonvaled.com>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Thu, 07 Mar 2013 15:37:36 GMT
Well, if things were always so easy!

We have this scenario: our webapp has to server data to different
organizations (hopefully thousands, if our product sells well). That means
we can not partition data in different databases: it would be a maintenance
nightmare. can somebody tell me how to:

   - upgrade the design docs in 1000 databases without going crazy?
   - How to backup them?
   - ...

I mean, the more databases you have, the more complicated maintenance
becomes. Maybe that can be automated, but it is not easy out of the box.

Besides, I do not want to implement the following:

   - new organization signs-up
   - we create a new database for it
   - we upload the design documens
   - we trigger those documents

I mean, it is probably doable, but I am not walking that path right now.
So, the only way that I know of in which we can partition the data is by
having an application server in front of couch: a single database for all
customers, with access control implemented via view filtering with the
org_id as key. The user has no direct access to couch.

On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson <rnewson@apache.org> wrote:

> Don't grant users access to databases you don't want them to read. :)
>
> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>
> B.
>
> On 6 March 2013 12:33, Mark Hahn <mark@hahnca.com> wrote:
> > Anyone logged in can read any document in the DB.  I have to check each
> > user and what they are trying to do to block illegal actions.
> >
> >
> > On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnewson@apache.org>
> wrote:
> >
> >> "How does everyone solve the security issue?"
> >>
> >> What security problem? Only administrators can modify design documents.
> >>
> >> B.
> >>
> >> On 6 March 2013 11:38, Aurélien Bénel <aurelien.benel@utt.fr> wrote:
> >> > Hi,
> >> >
> >> >> just out of curiosity, would like to hear how CouchDB is being used
> in
> >> your web environment....
> >> >
> >> > We have two main setups:
> >> > - CouchApps,
> >> > - REST APIs used by heavy clients (Java or Firefox extensions) and
> >> attached Web applications.
> >> >
> >> >> How does everyone solve the security issue?
> >> >
> >> > We always use CouchDB behind a reverse proxy to add LDAP
> authentication
> >> and authorization when needed.
> >> >
> >> >
> >> > Regards,
> >> >
> >> > Aurélien
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message