couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Disabling doc include
Date Thu, 02 Jan 2014 10:09:46 GMT
On Thu, Jan 2, 2014 at 12:27 AM, Robert Newson <rnewson@apache.org> wrote:

> "there’s no notion of read-protection in CouchDB."
>
> There’s no document level read protection, but you can certainly grant or
> deny read access to users on a per database basis. That’s by design due to
> the ease that information could leak out through views (particularly reduce
> views). The restrictive proxy approach is brittle, it requires that you
> know all the URL patterns to block and keep them up to date when you
> upgrade CouchDB. It can work, it’s just not awesome.
>
> B.
>
>

There is also the coming validate_doc_read [1] function from rcouch. Not
sure  if it will be added in the final merge, but this something we could
investigate.

- benoit

[1]   https://github.com/refuge/rcouch/wiki/Validate-documents-on-read

 .
>
> On 1 Jan 2014, at 20:47, Jens Alfke <jens@couchbase.com> wrote:
>
> >
> > On Dec 31, 2013, at 1:44 AM, meredrica <stuff@meredrica.org> wrote:
> >
> >> I expose CouchDB directly to mobile clients and wanted to hide some
> >> information from them.
> >
> > You can’t really do that; there’s no notion of read-protection in
> CouchDB.
> > As a workaround you can put CouchDB behind a proxy or gateway, and
> restrict the URL patterns that clients are allowed to send.
> >
> > —Jens
> >
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message