incubator-couchdb-user mailing list archives

From Luca Matteis <lmatt...@gmail.com>
Subject Re: Request object in validate_doc_update
Date Mon, 28 May 2012 15:06:11 GMT
Sure. For example I'm allowing my users to vote on certain "items" in
my database. This will allow me to understand the amount of
satisfaction of these items. I can easily validate and make sure each
user is commenting only once, however, someone might simply create a
new account and re-vote for that item. This defeats the purpose of the
voting system.
My solution would be to check based on the IP of the voter, no matter
what user they're logged in with.

Does this make sense? Thanks.

On Mon, May 28, 2012 at 3:50 PM, Robert Newson <rnewson@apache.org> wrote:
> I fear I've derailed this thread, so let's shelve the admin@127.0.0.1
> idea for another time and thread.
>
> To address the original question;
>
> "I have a scenario where I'm building a CouchApp that needs to deny
> certain behavior from happening based on the user's IP address.
> Would it be good to consider this as a new feature to be implemented?"
>
> Being able to build richer applications within the 2-tier couchapp
> model is a project goal so I'm generally for the proposal to expose
> the req object in VDU (since you can access it in show and list and it
> seems to break nothing). I suspect the full feature set required for
> your application to not require a proxy or firewall has not been
> spelled out in detail and, I further suspect, some of it will be
> better done with a firewall.
>
> Could you expand on the 'certain behavior' that should be restricted
> based on IP? A few examples would help.
>
> B.
>
> On 28 May 2012 14:38, Simon Metson <simon@cloudant.com> wrote:
>> Hi,
>>
>>
>> On Monday, 28 May 2012 at 14:12, Robert Newson wrote:
>>
>>> The other proposal might be to allow the granting of
>>> rights by IP address, much as MySQL does. In fact, I believe this idea
>>> is part of the Summit proposal to enhance our security model. I should
>>> be able to grant _admin rights to a user if and only if they come from
>>> 127.0.0.1, for example.
>>
>> We wrote something like this for our deployment at CERN. I thought it had been contributed
>> back to the trunk, but maybe it got lost along the way. I'll see if I can find out the status
>> of it.
>> Cheers
>> Simon
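
Added example (not part of the original thread or of CouchDB's own code): a `validate_doc_update` function that enforces one vote per user per item through a deterministic `_id`, and a local check showing the gap described in the message above, where a second account passes the same validation because the function receives no request data such as the client IP. The document shape, the `_id` scheme and the helper `tryVote` are assumptions made for illustration.

```javascript
// Assumed vote document shape: {_id, type: "vote", item, user, value}.
// CouchDB calls a VDU with exactly these four arguments; the HTTP request
// (and so the client IP) is not among them.
function validateVote(newDoc, oldDoc, userCtx, secObj) {
  var isVote = newDoc.type === "vote" || (oldDoc && oldDoc.type === "vote");
  if (!isVote) return;
  if (!userCtx.name) {
    throw { unauthorized: "You must be logged in to vote." };
  }
  // Updates and deletions are allowed only on the caller's own vote.
  if (oldDoc && oldDoc.user !== userCtx.name) {
    throw { forbidden: "You may only change your own vote." };
  }
  if (newDoc._deleted) return;
  if (newDoc.user !== userCtx.name) {
    throw { forbidden: "Votes must be recorded under your own user name." };
  }
  // Assumed item id format; it keeps ":" out of the composed _id.
  if (typeof newDoc.item !== "string" || !/^[A-Za-z0-9_-]+$/.test(newDoc.item)) {
    throw { forbidden: "A vote must name a valid item." };
  }
  // Deterministic _id: a second vote by the same user on the same item maps
  // to the same document, so it is an update of that vote, not a new one.
  var expectedId = "vote:" + newDoc.item + ":" + userCtx.name;
  if (newDoc._id !== expectedId) {
    throw { forbidden: "Vote _id must be " + expectedId };
  }
  if (newDoc.value !== 1 && newDoc.value !== -1) {
    throw { forbidden: "Vote value must be 1 or -1." };
  }
}

// Local harness with constructed inputs: returns "ok" or the rejection reason.
function tryVote(newDoc, oldDoc, userName) {
  try {
    validateVote(newDoc, oldDoc, { name: userName, roles: [] }, {});
    return "ok";
  } catch (e) {
    return e.forbidden || e.unauthorized;
  }
}

// Constructed sample: one legitimate vote, then the same person on a new account.
var first = { _id: "vote:item1:alice", type: "vote", item: "item1", user: "alice", value: 1 };
var second = { _id: "vote:item1:alice2", type: "vote", item: "item1", user: "alice2", value: 1 };
console.log(tryVote(first, null, "alice"), tryVote(second, null, "alice2"));
```

Both calls are accepted, which is the limitation raised in the message: per-user uniqueness holds, but nothing visible to the function ties the two accounts to one client.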
