incubator-couchdb-user mailing list archives

From Robert Newson <>
Subject Re: Question about validator functions and replication
Date Tue, 29 Mar 2011 14:41:13 GMT
so presumably this just uses couchdb as a dumb store, since you won't
be able to compute views over this data?


On 29 March 2011 14:19, Nebu Pookins <> wrote:
> On Tue, Mar 29, 2011 at 8:54 AM, Robert Newson <> wrote:
>> You can get read access control by separating each user's documents
>> into a separate database.
> This solution gets tricky if there are "shared" documents, though.
> You'd basically need one database for each possible grouping of users.
> I.e. with N users, you'd need 2^N databases.
>> I'm curious to know where you store the encryption keys such that no
>> user can access the key of another user. Whatever you did to solve
>> that would seem to be sufficient to prevent the access you were
>> concerned about in the first place. Presumably there's also a
>> different key per user?
> You basically need to use public key encryption. Each user has their
> private key which they keep secret, and the public keys are accessible
> to everyone and probably stored in the DB itself (so that the DB
> software can also generate documents encrypted towards specific sets
> of users).
> - Nebu
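
Added example, not part of the original thread: one way to encrypt a shared document "towards a specific set of users" as described above, using a single content key wrapped once per recipient. The function and field names (makeUser, encryptFor, decryptAs, iv, tag, ct, keys) and the choice of RSA-OAEP with AES-256-GCM from Node's crypto module are assumptions; the thread names no algorithms.

```javascript
// Added example: envelope encryption of one document to a set of users.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require("node:crypto");

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Constructed users. In the scheme described, only publicKey would be
// stored in the database; privateKey never leaves the user.
function makeUser(name) {
  const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Encrypt the body once with a random AES-256-GCM key, then wrap that
// key separately under each recipient's public key.
function encryptFor(docId, body, recipients) {
  const cek = randomBytes(32), iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", cek, iv);
  cipher.setAAD(Buffer.from(docId)); // bind the ciphertext to its _id
  const ct = Buffer.concat([cipher.update(JSON.stringify(body), "utf8"), cipher.final()]);
  const keys = {};
  for (const r of recipients)
    keys[r.name] = publicEncrypt({ key: r.publicKey, ...OAEP }, cek).toString("base64");
  return { _id: docId, iv: iv.toString("base64"),
           tag: cipher.getAuthTag().toString("base64"),
           ct: ct.toString("base64"), keys };
}

// Returns the plaintext body, or null if this user is not a recipient,
// holds the wrong private key, or the document was altered.
function decryptAs(user, doc) {
  const wrapped = doc.keys[user.name];
  if (typeof wrapped !== "string") return null;
  try {
    const cek = privateDecrypt({ key: user.privateKey, ...OAEP }, Buffer.from(wrapped, "base64"));
    const d = createDecipheriv("aes-256-gcm", cek, Buffer.from(doc.iv, "base64"));
    d.setAAD(Buffer.from(doc._id));
    d.setAuthTag(Buffer.from(doc.tag, "base64"));
    const pt = Buffer.concat([d.update(Buffer.from(doc.ct, "base64")), d.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null;
  }
}
```

The stored document carries one wrapped key per recipient instead of needing one database per grouping of users, and the only fields a map function could read are _id and the recipient names.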
