Subject: Re: granting read-only access to anonymous users
From: J Chris Anderson
Date: Thu, 22 Jul 2010 14:16:57 -0700
To: user@couchdb.apache.org

On Jul 22, 2010, at 2:47 PM, Catherine Jones wrote:

> I have a couch database (with an admin and an admin password
> defined) that's sitting behind an nginx proxy. The nginx proxy routes
> traffic between http://127.0.0.1:5984 on my VPS and the public address
> of http://my_domain_name/subdirectory_name. I want anonymous visitors to
> my website to be able to read from the database but not write to it.
>
> While I can include validation functions in my design documents, this
> doesn't, as far as I can tell, prevent an anonymous person from sending
> a request like:
>
> curl -X PUT http://my_domain_name/subdirectory_name/my_database_name/
> "some_new_doc_id" -d @some_json_file
>
> and thus writing a new document to the database. I can use an obscure
> name for the database, of course, but isn't there some better way? Am I
> missing something here? Thanks...
>

You can reject all writes in a validation function, so this is definitely possible. What you probably want to do is

    function(newDoc, oldDoc, userCtx) {
      // Reject every write that does not come from the user named Catherine
      if (userCtx.name != "Catherine") {
        throw({forbidden: "only Catherine can write"});
      }
    }

> Catherine
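
The validation approach from the reply above, extended as an added example (not code from the thread or from the CouchDB project) so that anonymous requests and server admins are handled explicitly. The writer list, the tryWrite harness and the sample userCtx objects are assumptions constructed for illustration:

```javascript
// Added example. Paste the function source into the design document's
// validate_doc_update field; the helper names below are illustrative.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  var writers = ["Catherine"];  // user name taken from the thread
  // Server admins carry the "_admin" role and are always allowed.
  if (userCtx.roles.indexOf("_admin") !== -1) {
    return;
  }
  // Anonymous requests arrive with userCtx.name === null.
  if (userCtx.name === null) {
    throw({unauthorized: "anonymous users may only read"});
  }
  // Authenticated, but not on the writer list. Deletes pass through here
  // too: CouchDB calls the function with newDoc._deleted === true.
  if (writers.indexOf(userCtx.name) === -1) {
    throw({forbidden: "only Catherine can write"});
  }
}

// Hypothetical local harness: mimics how CouchDB maps the thrown object
// to an HTTP status (unauthorized -> 401, forbidden -> 403).
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx);
    return {ok: true};
  } catch (e) {
    if (e && e.unauthorized) return {ok: false, status: 401, reason: e.unauthorized};
    if (e && e.forbidden) return {ok: false, status: 403, reason: e.forbidden};
    throw e;  // a real bug in the function, not a rejection
  }
}

// Constructed userCtx objects in the shape CouchDB passes to the function.
var ANON = {db: "my_database_name", name: null, roles: []};
var CATHERINE = {db: "my_database_name", name: "Catherine", roles: []};
var OTHER = {db: "my_database_name", name: "some_other_user", roles: []};
var ADMIN = {db: "my_database_name", name: "admin", roles: ["_admin"]};

var doc = {_id: "some_new_doc_id", title: "hello"};
var tombstone = {_id: doc._id, _rev: "1-abc", _deleted: true};
console.log("anonymous PUT   ", tryWrite(doc, null, ANON));
console.log("anonymous DELETE", tryWrite(tombstone, doc, ANON));
console.log("other user PUT  ", tryWrite(doc, null, OTHER));
console.log("Catherine PUT   ", tryWrite(doc, null, CATHERINE));
console.log("admin PUT       ", tryWrite(doc, null, ADMIN));
```

Run it with node to check the rules locally before saving the function into a design document.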