incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Stoyanov <i...@kinvey.com>
Subject Re: _security and replication
Date Wed, 18 May 2011 12:43:12 GMT
Yes, I had tried some automanual solutions, like a cron which dumps
the source _security object into the destination object, but they have
issues:

1) Not being under MVCC makes it really hard to use in a real two-way
replication scheme where changes to access control are possible in
either place.
2) If you create a brand new DB with protected data, and it gets
replicated, your second copy is unprotected until the _security cron
kicks in, which, depending on you definition, can be thought of as a
security hole.

Ivan


On Wed, May 18, 2011 at 1:48 AM, Mark Hahn <mark@boutiquing.com> wrote:
> The docs say "security objects are not regular versioned documents
> (that is, they are not under MVCC rules)".  So I have assumed they
> don't replicate since replication depends on versioning.  I guess you
> need to manually set up the object on each instance of the db.
>
> On Tue, May 17, 2011 at 9:21 PM, Ivan Stoyanov <ivan@kinvey.com> wrote:
>> Hi,
>>
>> How is the security object supposed to work with replication? Right
>> now if I have a protected database and _replicate it on another
>> instance, it is left wide open.
>>
>> Thanks,
>> Ivan
>>
>
>
>
> --
> Mark Hahn
> Website Manager
> mark@boutiquing.com
> 949-229-1012
>

Mime
View raw message