incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: Request object in validate_doc_update
Date Fri, 25 May 2012 11:49:22 GMT
I can't think of a solid objection to this idea. The result of a
validate_doc_update can already vary based on the local security
object. Being able to inspect not only the new document, but any other
property of the request seems useful.

B.


On 25 May 2012 12:43, Luca Matteis <lmatteis@gmail.com> wrote:
> I have a scenario where I'm building a CouchApp that needs to deny
> certain behavior from happening based on the user's IP address.
> However, the request object isn't available in validate_doc_update()
> functions.
>
> Would it be good to consider this as a new feature to be implemented?
> This would enable people to build much more secure CouchApps, without
> having to use proxies/firewalls and such. I personally think that
> CouchApps are opening up a whole new paradigm for developing web-apps,
> making them really easy to distribute around and to install (think of
> kanso), since they only require a simple push to a Couch instance.
>
> So adding new security features such as this, would enable even more
> apps to be built this way.
>
> What do you think?

Mime
View raw message