incubator-couchdb-dev mailing list archives

From Noah Slater <nsla...@apache.org>
Subject Re: Security and Validation - Re: CouchDB 0.9 and 1.0
Date Wed, 02 Jul 2008 17:44:10 GMT
Perhaps we could rely on standard HTTP auth either:

 * as passed back through a proxy
 * as negotiated by CouchDB using a similar method to Apache httpd

This doesn't seem too hard, Mochiweb might even support it natively.

On Wed, Jul 02, 2008 at 12:56:44PM -0400, Damien Katz wrote:
> We need to implement a couchdb security model. I think at a high level
> it should be as simple as possible. Also I think we won't do
> authentication, that should be handled by an authenticating proxy, or
> application code.
>
> I'm thinking our model looks something like this:
>
> We'll have server wide admin accounts, and dbadmin accounts. Db Admins
> can create dbs and admin their own dbs. Server admins are like
> superusers. Only admins are allowed to update design documents in
> databases.
>
> The per-database customized module will be supported by custom
> validation functions contained in databases' design documents.  When a
> document is updated, either via replication or new edit, these
> validation functions are evaluated with the provided context.
>
> Here is a very simplistic validation routine:
>
> function (doc, ctx) {
>       if (doc.type == "topic" && doc.subject == undefined) {
>               throw "Error, a subject is required for all topics.";
>       }
> }
>
> Something that looks at previous revisions:
>
> function (doc, ctx) {
>       var prev = ctx.get_local_doc();
>       if (prev != null && prev.author != ctx.user_name()) {
>               throw "Error, update by non-author.";
>       }
> }
>
> It should also be possible to modify the document while it's being saved,
> but this might only be allowable when it's a new edit, vs a replicated
> update or backup restore.
>
> All further security schemes would be handled by the customized functions,
> and through APIs to do database or external LDAP queries.
>
> On Jul 2, 2008, at 3:08 AM, Jan Lehnardt wrote:
>
>> Hello everybody,
>> this thread is meant to collect missing work items (features and
>> bugs) for our 1.0 release and a discussion about how to split
>> them up between 0.9 and 1.0.
>>
>> Take it away: Damien.
>>
>> Cheers
>> Jan
>> --
>

-- 
Noah Slater, http://people.apache.org/~nslater/
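
A small harness for the validation-function sketch quoted above, added here as an example; it is not part of the original message or of CouchDB's code. `makeCtx`, `validateUpdate`, `authorMatchesUser` and the sample documents are hypothetical; only `get_local_doc()` and `user_name()` come from the quoted proposal, and the user name is assumed to be the one an authenticating proxy passed back.

```javascript
// Added example: harness for the validation-function proposal quoted above.
// makeCtx, validateUpdate, authorMatchesUser and all sample data are
// hypothetical; get_local_doc() and user_name() are from the proposal.

// Context handed to validators: the stored revision (or null) plus the user
// name assumed to have been supplied by the authenticating proxy.
function makeCtx(userName, storedDoc) {
  return {
    get_local_doc: () => storedDoc || null,
    user_name: () => userName,
  };
}

// The two validators from the proposal, behaviour unchanged.
const requireSubject = function (doc, ctx) {
  if (doc.type == "topic" && doc.subject == undefined) {
    throw "Error, a subject is required for all topics.";
  }
};
const authorOnly = function (doc, ctx) {
  var prev = ctx.get_local_doc();
  if (prev != null && prev.author != ctx.user_name()) {
    throw "Error, update by non-author.";
  }
};

// Extra check (an addition, not in the proposal): the author field of the
// incoming document must equal the authenticated user, so ownership cannot be
// assigned to someone else on create or reassigned on update.
const authorMatchesUser = function (doc, ctx) {
  if (doc.author != ctx.user_name()) {
    throw "Error, author must be the authenticated user.";
  }
};

// Run every validator in order; the first throw rejects the write.
function validateUpdate(validators, doc, ctx) {
  try {
    for (const fn of validators) fn(doc, ctx);
    return { ok: true };
  } catch (reason) {
    return { ok: false, reason: String(reason) };
  }
}
```

With only the two proposed validators, a new document whose `author` differs from the authenticated user is accepted because there is no previous revision to compare against; adding `authorMatchesUser` to the list rejects it.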
