couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Gabriel <a...@barbalex.ch>
Subject Re: Allow user-defined views
Date Fri, 28 Nov 2014 01:52:47 GMT
sounds like a very interesting application

seems like you dont care if the user has to wait for an index to be built
when the user creates a query

Alex


2014-11-28 2:23 GMT+01:00 Peter Grman <peter.grman@gmail.com>:

> Hi Alex,
>
> Yes, the users would be able to import different sets of data, which isn't
> relational, and use the platform to analyse it. The analysed data would be
> in 99% of the cases append only (+ removing old data) and the data can be
> defined by the user, as well as be hierarchical.
>
> When I thought about the system in the beginning, CouchDB seemed like an
> awesome choice as there would be only a couple of well defined queries and
> storage is generally cheap, I thought that CouchDB views and their caching
> are what I'm looking for.
>
> The problem is again only with people who want to trick the system. I would
> be also happy with a solution which would detect bad views ones they have
> been deployed (uses too much space, takes too long to compute) and
> deactivates and marks them for me to check. This way I could check those
> few people who try a DoS attack and ban them from the service.
>
> The additional main problem was, if it is really impossible to get data
> from a different database inside the view and if the user won't be able to
> access the underlying system, ..., or if it is just very difficult =>
> possible, if someone wants to do it they'll find a way. But after reading
> more and understanding more, how the views are executed using  evalcx I
> think the other problems aren't a big concern for me anymore, is that
> correct?.
>
> Although I've found in the code "if possible, use evalcx (not always
> available)" - how can I check that evalcx is available on my system? Or is
> it just a note for older distributions, nothing to be concerned about
> anymore?
>
> Thank you
>
> Cheers
> Peter
>
> On Fri Nov 28 2014 at 1:37:57 AM Alexander Gabriel <alex@barbalex.ch>
> wrote:
>
> > Hi Peter
> >
> > Will the users create their own datastructures too?
> > If not this sounds like sql on relational tables might be a better tool
> for
> > the problem.
> > It seems to me you're hitting exactly the weak point of most nosql
> > solutions.
> >
> > Alex
> >
> >
> > 2014-11-28 0:49 GMT+01:00 Peter Grman <peter.grman@gmail.com>:
> >
> > > Hi,
> > >
> > > this might sound like a terrible idea to someone who knows CouchDB, and
> > if
> > > that's the case, please just take a minute or two, to explain why,
> > > otherwise, if the idea isn't so crazy after all, I hope I'll get some
> > > solutions to my problem:
> > >
> > > I'm thinking of creating a platform based on CouchDB, where each set of
> > > users (group, customer, ...) would get their own CouchDB Database, to
> > store
> > > and query data. I've heard in a podcast, roughly a year ago, that this
> is
> > > how CouchDB was meant to be - many smaller databases.
> > >
> > > To query the data, I want to allow them, to define their own custom
> > > queries. Now I could (and want to) create a form which allows to build
> a
> > > query and translates it to a JS view, but I was thinking about
> > > additionally, on top of that, allowing them to define their custom
> views
> > > directly in JS. They would basically be allowed to define their custom
> > > Map/Reduce functions.
> > >
> > > There is a lot which can go wrong with this the worst ones I came up
> > with:
> > > - DoS attack with endless loops inside the function
> > > - DoS attack by emitting too much data (potentially in a loop again)
> > >
> > > As far as I've understood, it's not possible to access other Databases
> > from
> > > within the view, is this understanding of mine correct?
> > >
> > > Is it possible to access the filesystem or network services in any way
> > from
> > > the CouchDB view or is the JavaScript engine, which is running the
> code,
> > > limiting enough?
> > >
> > > Are there any other things which could go wrong? - or did actually
> > somebody
> > > already use CouchDB like this, and it's perfectly normal?
> > >
> > > Is there any way I could prevent the problem with endless loops and
> data
> > > emitting from happening? - I can run JSLint, which maybe will detect an
> > > endless loop, but that won't help against a loop with a million
> > iterations,
> > > which will be called for every item inside CouchDB - still quite
> endless.
> > >
> > > Thank you for your help!
> > >
> > > Cheers,
> > > Peter
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message