incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zachary Zolton <>
Subject Re: CouchDB users publicly visible
Date Tue, 04 Jan 2011 21:54:34 GMT
You are correct. You can however restrict read access to the _users
database, and then just proxy user signup requests to a traditional
middle-tier app.


On Tue, Jan 4, 2011 at 3:17 PM, Joe Freeman <> wrote:
> My understanding of the CouchDB '_users' table is that in order to
> have a user sign up (for example, using $.couch.signup(...)), you have
> to have the '_users' table publicly visible, and hence have all users
> in your app publicly visible?
> This doesn't seem so great for me, or the potential users of my app.
> For example, I can see all the users on the couchone site here:
> This includes potentially sensitive information like people's e-mail address':
> I'm assuming update access implies read access? Am I missing something..?

View raw message