incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <>
Subject Re: Accessing Views - Security
Date Fri, 19 Feb 2010 13:43:19 GMT

On Feb 19, 2010, at 4:38 AM, Mario Scheliga wrote:

> Hi Everyone,
> i am just thinking about some security issues with couchdb. I just want to adjust the
access to
> stored Data like in ACLs and how would you do this if couchdb runs on different clients.
> about a Groupware Project with clientside-persistence.
> 1. encrypt/decrypt fields in couchdb-docs? (with certificates or something like that
> 2. on a server i could hide some urlparts by using a proxy, so the user have to use my
show,list,_update functions, where i can implement my acl logic, but how is this done one
a client site environment, where the user has full-access to the couchdb-instance
> how is that done right?

This is best done via filtered replication. (There are some new tools coming that will make
this easier, too.)

On your server you can keep one database per client, and control which documents are allowed
to replicate to that database (via a validate_doc_update function). Then the client can replicate
that entire database and do whatever they want to it at home, but you know they only have
data they are allowed to see.

> greetz
> mario
> --
> Sourcegarden GmbH HR: B-104357
> Steuernummer: 37/167/21214 USt-ID: DE814784953
> Geschaeftsfuehrer: Mario Scheliga, Rene Otto
> Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929
> Schoenhauser Allee 51, 10437 Berlin

View raw message