incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <d...@muse.net.nz>
Subject Re: Request object in validate_doc_update
Date Mon, 28 May 2012 11:32:48 GMT
On 25 May 2012 13:49, Robert Newson <rnewson@apache.org> wrote:

> I can't think of a solid objection to this idea. The result of a
> validate_doc_update can already vary based on the local security
> object. Being able to inspect not only the new document, but any other
> property of the request seems useful.
>
> B.
>
>
> On 25 May 2012 12:43, Luca Matteis <lmatteis@gmail.com> wrote:
> > I have a scenario where I'm building a CouchApp that needs to deny
> > certain behavior from happening based on the user's IP address.
> > However, the request object isn't available in validate_doc_update()
> > functions.
> >
> > Would it be good to consider this as a new feature to be implemented?
> > This would enable people to build much more secure CouchApps, without
> > having to use proxies/firewalls and such. I personally think that
> > CouchApps are opening up a whole new paradigm for developing web-apps,
> > making them really easy to distribute around and to install (think of
> > kanso), since they only require a simple push to a Couch instance.
> >
> > So adding new security features such as this, would enable even more
> > apps to be built this way.
> >
> > What do you think?
>

+0.8, agree with the use case. However should validate_doc_update be
idempotent or is it fine to expect that results might vary depending on
where the document was submitted from? e.g. replication partner vs
hosted couchapp vs my dodgy browser?

A+
Dave

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message