incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Damien Katz <dam...@apache.org>
Subject Re: Replication security branch almost done
Date Sat, 07 Mar 2009 01:55:00 GMT

On Mar 6, 2009, at 9:13 AM, Damien Katz wrote:

>
> On Mar 5, 2009, at 12:44 PM, Adam Kocoloski wrote:
>
>> On Mar 4, 2009, at 3:24 PM, Damien Katz wrote:
>>
>>> The replication security branch is finally near completion, this  
>>> work is makes CouchDB enforces security during replication, to  
>>> allow CouchDB databases to be exposed directly to clients and  
>>> replicators.
>>> svn co http://svn.apache.org/repos/asf/couchdb/branches/rep_security
>>> This branch also has revision stemming work, but it doesn't  
>>> actually do the stemming yet. But that's simple to add later and  
>>> will still work with the same replication protocol.
>>>
>>> This version removes all or nothing bulk updates w/ conflict  
>>> checking as it was the only way I could get everything else  
>>> working. However, it's still possible we'll add it back if needed.  
>>> I'm in favor of removing it all together for now and seeing if we  
>>> can live with it. Thoughts please.
>>>
>>> I'd appreciate people testing it out. Also writing more JS tests  
>>> would be a big help too.
>>>
>>> This branch right now is a month or so behind trunk, so recent  
>>> fixes/features are missing until I merge it to latest. Sorry.
>>>
>>> -Damien
>>
>> Hi Damien, at the end of security_validation.js, you have
>>
>>> // this is a legal edit
>>> var foo2 = dbB.open("foo2");
>>> foo2.value = "b";
>>> dbB.save(foo2);
>>>
>>> var results = CouchDB.replicate(B, A);
>>>
>>> <snip>
>>>
>>> // The edit to foo2 should have replicated.
>>> T(dbA.open("foo2").value == "a");
>>
>> I'm confused.  If that was a legal edit, shouldn't the value of  
>> foo2 on dbA == "b"?  I noticed a line in the log when I run this test
>>
>>> [info] [<0.121.0>] error replicating document "foo2" rev  
>>> "2-3418587803":{unauthorized, <<"You are not the author of this  
>>> document. You jerk.">>}
>>
>> and I if I inspect the two DBs I see that the change did not  
>> replicate.  Hope it helps, Adam
>
> Thanks Adam. I'm doing more testing and debugging today.
>
> -Damien

I've got this all fixed up and lots more testing in general on  
replication.

I also completed revision stemming today. By default, revisions are  
limited to 1000, and the limit is settable: "PUT /db/_revs_limit" See  
the rev_stemming test for more usage details.

This branch is starting to look pretty solid.

-Damien



Mime
View raw message