incubator-couchdb-user mailing list archives

From Sam Bisbee <>
Subject Re: Common security pattern?
Date Sun, 03 Jan 2010 20:07:10 GMT
On Sun, Jan 03, 2010 at 11:40:32AM -0800, Chris Anderson wrote:
> I'd avoid thinking that hiding Futon provides security. Ideally users
> would be able to get into the data via Futon if they choose. If you
> structure your validation functions properly, this should be
> completely secure (more secure than an http-proxy based authorization
> model).

This strikes me as an odd and interesting proposition (read: the good kind).

I can think of plenty of cases where I don't want users to see all the data
that I have related to them: ex., hashed/crypted passwords, analytics, various
types of scores/weights, my profit margin on their purchases, etc. Allowing
users to inspect documents about themselves through Futon would allow them to
see all those goodies.

Also, I have always been of the mind that even if something doesn't inherently
cause a security flaw, that you shouldn't give it to your users if you don't
need to (users are too good at breaking things in ways that you don't expect,
especially the malicious ones). 

Not that I'm not a fan of open APIs (actually, I'm a huge fan), but even those
enforce validation/rules.

Or were you discussing a specific use case?


Sam Bisbee
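
A sketch of the kind of validation function the quoted message refers to, added here as an example and not part of the original thread or of CouchDB's own code; the field names, sample documents and the `tryWrite` helper are constructed. CouchDB calls `validate_doc_update` only when a document is written, so it decides who may change the fields listed above, not who may read them.

```javascript
// Added illustration. Field names and documents are constructed samples.
const SERVER_ONLY = ["password_sha", "score", "margin"];

// Same signature CouchDB uses for validate_doc_update in a design document.
// Rejections are signalled by throwing {forbidden: ...} or {unauthorized: ...}.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  if (userCtx.roles.indexOf("_admin") !== -1) return; // server admins may write anything
  if (!userCtx.name) {
    throw { unauthorized: "login required" };
  }
  // Ownership is fixed by the stored revision when one exists.
  const owner = oldDoc ? oldDoc.owner : newDoc.owner;
  if (owner !== userCtx.name) {
    throw { forbidden: "you may only write your own documents" };
  }
  if (newDoc._deleted) return; // owner may delete; tombstone carries no fields
  if (newDoc.owner !== owner) {
    throw { forbidden: "owner cannot be changed" };
  }
  // Non-admins may neither set nor alter server-managed fields.
  SERVER_ONLY.forEach(function (field) {
    const before = oldDoc ? JSON.stringify(oldDoc[field]) : undefined;
    if (JSON.stringify(newDoc[field]) !== before) {
      throw { forbidden: "field '" + field + "' is server-managed" };
    }
  });
}

// Hypothetical helper: runs the validator the way a write would and
// returns "ok" or the rejection reason.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    return e.forbidden || e.unauthorized;
  }
}

// Constructed sample data.
const stored = { _id: "order-1", owner: "alice", total: 40, margin: 12 };
const alice = { name: "alice", roles: [] };

console.log(tryWrite(Object.assign({}, stored, { total: 45 }), stored, alice));
console.log(tryWrite(Object.assign({}, stored, { margin: 0 }), stored, alice));
// A GET of order-1 never reaches this function: "margin" is still returned to any reader.
```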
