incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Prater <steph...@agrussell.com>
Subject Re: XPath in CouchDB?
Date Wed, 08 Dec 2010 15:03:35 GMT
apropos to nothing, what makes them "insecure?"

at least if you run Ruby with $SAFE=4 I don't immediately see why it  
would be any less secure than any other eval based view server.

On Dec 7, 2010, at 11:16 AM, Mikeal Rogers wrote:

> In trunk you can use require inside of map/reduce but you can only  
> import modules that are attached to the views attriebute of your  
> object. This is so that changes to libraries used map/reduce  
> invalidate the view index on change.
>
> I don't see how you would need introspection since the only modules  
> you can import are the ones you add yourself to your design document.
>
> Python and Ruby may have introspection but that are also horribly  
> insecure when used as view servers.


Mime
View raw message