incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <randall.le...@gmail.com>
Subject Re: hidden fields in a document
Date Mon, 21 Jun 2010 07:44:31 GMT
On Mon, Jun 21, 2010 at 00:15, Manokaran K <manokaran@gmail.com> wrote:
> On Mon, Jun 21, 2010 at 2:54 AM, Randall Leeds <randall.leeds@gmail.com>wrote:
>
>> I suspect you could achieve what you're looking for with a rewrite
>> handler[1] and a show function[2] that rewrites "/db/mydoc" to
>> "/db/_design/safe/_show/document/mydoc".
>>
>>
> But rewrites cannot be relied upon as a security measure. A user can bypass
> it by requesting the view URL itself and be able to see the raw doc!

I missed the part about not making the design document code visible.
Is it possible to just rewrite this as well? I know the rewrite
solution feels like whack-a-mole, but is it really not possible to
solve Pavan's use case?

Mime
View raw message