incubator-couchdb-user mailing list archives

From Catherine Jones <cathj...@gmail.com>
Subject Re: granting read-only access to anonymous users
Date Thu, 22 Jul 2010 22:17:45 GMT
Thanks - problem solved. I hadn't realized that every "save document"
operation (whether or not related to a query in a design document) had
to satisfy any validation function in *any* design document.

Catherine

On Thu, 2010-07-22 at 14:16 -0700, J Chris Anderson wrote:
> On Jul 22, 2010, at 2:47 PM, Catherine Jones wrote:
> 
> > I have a couch database (with an admin and an admin password
> > defined) that's sitting behind an nginx proxy. The nginx proxy routes
> > traffic between http://127.0.0.1:5984 on my VPS and the public address
> > of http://my_domain_name/subdirectory_name. I want anonymous visitors to
> > my website to be able to read from the database but not write to it. 
> > 
> > While I can include validation functions in my design documents, this
> > doesn't, as far as I can tell, prevent an anonymous person from sending
> > a request like:
> > 
> > curl -X PUT http://my_domain_name/subdirectory_name/my_database_name/"some_new_doc_id" -d @some_json_file
> > 
> > and thus writing a new document to the database. I can use an obscure
> > name for the database, of course, but isn't there some better way? Am I
> > missing something here?  Thanks...
> > 
> 
> You can reject all writes in a validation function, so this is definitely possible.
> 
> What you probably want to do is 
> 
> function(newDoc, oldDoc, userCtx) {
>  if (userCtx.name != "Catherine") throw({forbidden:"only Catherine can write"});
> }
> 
> > Catherine
> > 
> > 
> > 
> 
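
The behaviour this thread arrives at, as an added example that is not part of either message: a small JavaScript model in which a write succeeds only if the validate_doc_update function of every design document accepts it. The design document names, the tryWrite helper and the sample documents are constructed for illustration and are not CouchDB's own code.

```javascript
// Constructed design documents; each validate_doc_update runs on every save.
const designDocs = {
  "_design/auth": {
    // The check from the reply above: only the named user may write.
    validate_doc_update: function (newDoc, oldDoc, userCtx) {
      if (userCtx.name !== "Catherine") {
        throw { forbidden: "only Catherine can write" };
      }
    },
  },
  "_design/schema": {
    // An unrelated design doc (hypothetical); its validator also applies.
    validate_doc_update: function (newDoc, oldDoc, userCtx) {
      if (!newDoc._deleted && typeof newDoc.type !== "string") {
        throw { forbidden: "doc.type is required" };
      }
    },
  },
};

// Hypothetical helper modelling the server-side check for one write.
function tryWrite(newDoc, oldDoc, userCtx) {
  for (const [id, ddoc] of Object.entries(designDocs)) {
    if (typeof ddoc.validate_doc_update !== "function") continue;
    try {
      ddoc.validate_doc_update(newDoc, oldDoc, userCtx);
    } catch (err) {
      const reason = err.forbidden || err.unauthorized;
      if (reason === undefined) throw err; // a bug in the validator, not a rejection
      // CouchDB answers 403 for {forbidden: ...} and 401 for {unauthorized: ...}.
      return { ok: false, status: err.forbidden ? 403 : 401, rejectedBy: id, reason };
    }
  }
  return { ok: true, status: 201 };
}

// An unauthenticated request has userCtx.name === null.
const anonymous = { name: null, roles: [] };
const catherine = { name: "Catherine", roles: [] };

console.log(tryWrite({ _id: "a", type: "post" }, null, anonymous)); // rejected by _design/auth
console.log(tryWrite({ _id: "b" }, null, catherine));               // rejected by _design/schema
console.log(tryWrite({ _id: "c", type: "post" }, null, catherine)); // accepted
```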

