incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: Request object in validate_doc_update
Date Mon, 28 May 2012 13:50:47 GMT
I fear I've derailed this thread, so let's shelve the admin@127.0.0.1
idea for another time and thread.

To address the original question;

"I have a scenario where I'm building a CouchApp that needs to deny
certain behavior from happening based on the user's IP address.
Would it be good to consider this as a new feature to be implemented?"

Being able to build richer applications within the 2-tier couchapp
model is a project goal so I'm generally for the proposal to expose
the req object in VDU (since you can access it in show and list and it
seems to break nothing). I suspect the full feature set required for
your application to not require a proxy or firewall has not been
spelled out in detail and, I further suspect, some of it will be
better done with a firewall.

Could you expand on the 'certain behavior' that should be restricted
based on IP? A few examples would help.

B.

On 28 May 2012 14:38, Simon Metson <simon@cloudant.com> wrote:
> Hi,
>
>
> On Monday, 28 May 2012 at 14:12, Robert Newson wrote:
>
>> The other proposal might be to allow the granting of
>> rights by IP address, much as MySQL does. In fact, I believe this idea
>> is part of the Summit proposal to enhance our security model. I should
>> be able to grant _admin rights to a user if and only if they come from
>> 127.0.0.1, for example.
>
> We wrote something like this for our deployment at CERN. I thought it had been contributed
back to the trunk, but maybe it got lost along the way. I'll see if I can find out the status
of it.
> Cheers
> Simon

Mime
View raw message