From: Chris Anderson
To: user@couchdb.apache.org
Date: Sun, 3 Jan 2010 11:40:32 -0800
Subject: Re: Common security pattern?

On Sun, Jan 3, 2010 at 11:21 AM, Karel Minařík wrote:
> Hi,
>
>> Everything except the throttling of deletes for a given user should be
>> easy to do natively with CouchDB.
>
> how about anyone accessing other databases, documents? I.e., I want to expose
> one database, containing the app (blog, wiki, etc), but not allow anyone to
> browse databases, use Futon, etc. As far as I know the only way to
> accomplish that would be to put a reverse proxy between the public and couch.

I'd avoid thinking that hiding Futon provides security. Ideally users
would be able to get into the data via Futon if they choose. If you
structure your validation functions properly, this should be
completely secure (more secure than an http-proxy based authorization
model).

OTOH, if you want to make some databases private (read-control),
CouchDB does not have a provision for that. Using an HTTP proxy layer
is great for this usage. And if you do it right, it has the advantage
that Futon should work fine for databases the user has permission to
read.

We are planning per-database reader ACLs, hopefully in time for 0.11,
depending on how complex the patch is.

Chris

>
> Karel
>

-- 
Chris Anderson
http://jchrisa.net
http://couch.io
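
An added example, not part of the original message and not CouchDB's or the poster's own code: a validate_doc_update function of the kind the reply refers to, which gates writes by ownership whether they arrive from the app, Futon or any other HTTP client. The `author` field, the document ids and the `decision` harness are assumptions made for illustration; the function controls writes only, not reads.

```javascript
// Added example. The `author` field is an assumed document convention.
// In CouchDB the function source is stored in a design document's
// `validate_doc_update` field and runs on every document write.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  var roles = userCtx.roles || [];
  if (roles.indexOf('_admin') !== -1) {
    return; // server admins may write anything
  }
  if (!userCtx.name) {
    throw({unauthorized: 'Please log in before writing.'});
  }
  // Design documents hold this function; keep them admin-only.
  if (newDoc._id.indexOf('_design/') === 0) {
    throw({forbidden: 'Only admins may change design documents.'});
  }
  // Updates and deletes (newDoc._deleted) need ownership of the stored doc.
  if (oldDoc && oldDoc.author !== userCtx.name) {
    throw({forbidden: 'Only the author may change or delete this document.'});
  }
  // New or updated content must be attributed to the logged-in user.
  if (!newDoc._deleted && newDoc.author !== userCtx.name) {
    throw({forbidden: 'The author field must match your user name.'});
  }
}

// Local harness (hypothetical helper): report how a write would be answered.
function decision(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return 'accepted';
  } catch (e) {
    if (e && e.forbidden) return 'forbidden';
    if (e && e.unauthorized) return 'unauthorized';
    throw e; // anything else is a bug in the function itself
  }
}

// Constructed sample users and documents.
var alice = {name: 'alice', roles: []};
var bobsPost = {_id: 'post-1', author: 'bob', body: 'hello'};
console.log(decision({_id: 'post-2', author: 'alice'}, null, alice));
console.log(decision({_id: 'post-1', _deleted: true}, bobsPost, alice));
```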