couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Florian Westreicher Bakk.techn." <st...@meredrica.org>
Subject Re: Disabling doc include
Date Thu, 02 Jan 2014 09:09:07 GMT
I put a design doc behind a desk record / virtual host, that should do the trick. The user
that is used by the app is read only 

Robert Newson <rnewson@apache.org> wrote:
>"there’s no notion of read-protection in CouchDB."
>
>There’s no document level read protection, but you can certainly grant
>or deny read access to users on a per database basis. That’s by design
>due to the ease that information could leak out through views
>(particularly reduce views). The restrictive proxy approach is brittle,
>it requires that you know all the URL patterns to block and keep them
>up to date when you upgrade CouchDB. It can work, it’s just not
>awesome.
>
>B.
>
> .
>
>On 1 Jan 2014, at 20:47, Jens Alfke <jens@couchbase.com> wrote:
>
>> 
>> On Dec 31, 2013, at 1:44 AM, meredrica <stuff@meredrica.org> wrote:
>> 
>>> I expose CouchDB directly to mobile clients and wanted to hide some 
>>> information from them.
>> 
>> You can’t really do that; there’s no notion of read-protection in
>CouchDB.
>> As a workaround you can put CouchDB behind a proxy or gateway, and
>restrict the URL patterns that clients are allowed to send.
>> 
>> —Jens
>> 

-- 
Sent from Kaiten Mail. Please excuse my brevity.

Mime
View raw message