incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hendrik Jan van Meerveld <haa...@gmail.com>
Subject Re: Can I prevent replication of design documents?
Date Wed, 10 Nov 2010 21:34:05 GMT
Hi Randall and Benjamin,

You are being really helpfull, thanks for taking the time to answer.
The information that Couch does not replicate design documents for
non-admins makes my day.
I'll do some playing with the rewrite as well to see how that works,
and the reverse proxy will probably be usefull for my companies
application.

Kind regards,
Hendrik Jan

On 10 November 2010 16:01, Benjamin Young <benjamin@couchone.com> wrote:
> Hey Hendrik,
>
> If you have admin's setup on the db, the design docs (at least) won't
> replicate. Per the CouchDB Definitive Guide book:
> "Creating design documents is restricted to admins, and if the
> replication is triggered without admin credentials, writing the design
> documents during replication will fail and be recorded as
> doc_write_failures."
>
> Additionally, you could use the proxy option that Randall mentioned.
> There's also the _rewrite handler + a vhost for the public web site
> domain. You could then optionally make the "raw" CouchDB API available
> (if you'd like) on a different port or domain.
>
> Hope that helps.
>
> On Tue, Nov 9, 2010 at 5:09 PM, Randall Leeds <randall.leeds@gmail.com> wrote:
>>
>> You can't restrict read access to the design document using
>> permissions because then I think your application would not be able to
>> access views, shows, lists, updates, etc.
>>
>> However, you could perhaps restrict network access to these resources
>> explicitly. Put a reverse proxy in front of your couch that forbids
>> access to everything under /db/_design/app* except
>> /db/_design/app/_(show|list|view|update)*. This way, the user context
>> for CouchDB within which your visitors access the views and lists will
>> still have access to the design document (you have not changed the
>> document permissions), but external attempts to fetch the code itself
>> will be blocked. Just be careful that none of your other code (such as
>> a show function) can be used to format and display the design document
>> itself.
>>
>> This might work, but I haven't thought about it longer than a minute.
>> Let me know what you find if you investigate.
>>
>> On Tue, Nov 9, 2010 at 13:45, Hendrik Jan van Meerveld <haaiee@gmail.com> wrote:
>> > Hi All,
>> >
>> > I'm trying to move a website from Drupal to Couchdb.
>> > For this I am wondering whether there is a way to prevent
>> > website visitors from replicating the whole website to their
>> > home computers.
>> > Does anybody know of such an option? Does it work on the CouchOne
>> > shared hosting?
>> >
>> > Same goes for an application that the company where I work uses.
>> > It would be great if it could be rewritten from its current
>> > incarnation to a Couchdb application, but that's not an option
>> > if the whole world can replicate the application.
>> >
>> > Thanks for any help.
>> >
>

Mime
View raw message