incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <jch...@couch.io>
Subject Re: granting read-only access to anonymous users
Date Thu, 22 Jul 2010 21:16:57 GMT

On Jul 22, 2010, at 2:47 PM, Catherine Jones wrote:

> I have a couch database (with an admin and and an admin password
> defined) that's sitting behind an nginx proxy. The ngin proxy routes
> traffic between http://127.0.0.1:5984 on my VPS and the public address
> of http://my_domain_name/subdirectory_name. I want anonymous visitors to
> my website to be able to read from the database but not write to it. 
> 
> While I can include validation functions in my design documents, this
> doesn't, as far as I can tell, prevent an anonymous person from sending
> a request like:
> 
> curl -X PUT http://my_domain_name/subdirectory_name/my_database_name/
>                   "some_new_doc_id" -d @some_json_file
> 
> and thus writing a new document to the database. I can use an obscure
> name for the database, of course, but isn't there some better way? Am I
> missing something here?  Thanks...
> 

You can reject all writes in a validation function, so this is definitely possible.

What you probably want to do is 

function(newDoc, oldDoc, userCtx) {
 if (userCtx.name != "Catherine"} throw({forbidden:"only Catherine can write");
}

> Catherine
> 
> 
> 


Mime
View raw message