incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Klein <st.fankl...@googlemail.com>
Subject Re: PUT on _update/docid1 but create a new document with _id:docid2?
Date Fri, 19 Nov 2010 22:48:28 GMT
Hi Jan,

Am 19.11.2010 13:54, schrieb Jan Lehnardt:
> Hi Stefan,
>
> On 19 Nov 2010, at 11:55, Stefan Klein wrote:
>
>> Hi List,
>>
>> [ ... snip ...]
>> Now i'm pretty unsure if this is an evil hack or even a bug in couchdb
>> which get's fixed or if it's just a relay cool feature.
> Looks like it is working as advertised :) — Beware though that if you allow
> anyone to write to your database, people could run some arbitrary JavaScript
> code. Worst that could happen though is making infinite loops that CouchDB
> kills after 5 seconds and then make many of them concurrently, i.e. a
> classical DoS situation.
>
> If it's only you that talks to the database, this looks like a neat hack :)
>
> Cheers
> Jan
Which can be handled by the validate function, only users with a 
specific role may create/update documents of a special type.
Thank you!

Stefan

Mime
View raw message