incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wordit <wordi...@gmail.com>
Subject Re: Possible validation security issue
Date Wed, 29 Aug 2012 19:01:48 GMT
The function I used is from the "CouchDB Definitive Guide". It's in
both the security and validation sections.

http://guide.couchdb.org/draft/security.html

"We had an update validation function that allowed us to verify that
the claimed author of a document matched the authenticated username."

Is the guide outdated, is it an error in the guide, or did I
misunderstand what it is to be used for? Or all three perhaps?


That aside, why does the function prevent updating all fields except
the author field when that is the one in the validation function? What
am I missing in couchdb's logic?

Marcus

Mime
View raw message