incubator-couchdb-user mailing list archives

From Dave Cottlehuber <...@jsonified.com>
Subject Re: App layer on top of replication
Date Thu, 06 Sep 2012 21:04:55 GMT
On 6 September 2012 22:41, Eduardo Scoz <eduardoscoz@gmail.com> wrote:
> Hi guys,
>
> Is there any way to put an app server between two CouchDB instances to
> manage security during replication?
>
> I'm working on a mobile app using TouchDB (iOS and Android), and I'm
> replicating the data back to the server using the normal CouchDB
> replication. In my use case, the user creates new documents locally on the
> device, and syncs the DB with the host to push changes and get new
> documents. Filtered replication works well for getting only important docs
> and validate_doc_update is enough to prevent unauthorized writes, but that
> still leaves the database open for anybody with an ID to read other users'
> docs.
>
> My idea is to put CouchDB behind something like Nginx or NodeJS that would
> intercept direct calls to the database, but still let replication work (as
> described above). all_docs replication would also have to be disabled, I
> guess.
>
> Has anyone done anything like this? Any pointers on how one would make it?
>
> Thanks!
>
> Eduardo

Hi Eduardo,

Security is enforced at the DB level in CouchDB. Does your app architecture
allow this?

Fundamentally, the replicator is a clever, optimised HTTP client, so
blocking all except the replicator will be very difficult, if not impossible.

Any other ideas out there?

A+
Dave
