incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lance Carlson <lancecarl...@gmail.com>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Wed, 06 Mar 2013 20:19:25 GMT
I've been deploying some robust apps as couchapps recently and I've
had mixed results. Overall I really like the new setup but I think
there is room for improvement. I stick my app behind a node js proxy
(and also use it like a worker). To handle security, I have two
databases. One that handles registration and and any data I don't mind
being public and I have a separate database that stores all of the
private data and which is only accessible by the admin user. I'm
paranoid so I created an admin user and set require valid user to
true. My proxy then makes every "public" request to my public couchapp
authenticated as the admin (until the user logs in, in which case they
are then authenticated as themselves). For any private data that
pertains to them and only them, they have to get access to that data
only after that are authenticated and then the admin user grabs that
data for them from the private database. I'm still debating whether
this is overkill but I really like the idea of pushing the logic into
the database as much as possible.

Sent from my iPhone

On Mar 6, 2013, at 3:05 PM, Sean Copenhaver <sean.copenhaver@gmail.com> wrote:

> I've made a site that was only a couchapp and enjoyed the experience quite
> a bit. I've also used it for internal tooling to store data and to host
> mini couchapps for search or utility pages.
>
> In all cases though security of data (at least I didn't care who could read
> the data)  was not a requirement and I've greatly enjoyed my experiences. I
> would love to play around with gardener along with an OS daemon to try a
> tightly coupled nodejs + couchdb setup. Would also love to see CouchDB
> hosts to offer such things as well.
>
>
>
> On Wed, Mar 6, 2013 at 2:51 PM, Dan Santner <dansantner@me.com> wrote:
>
>> I think it's brilliant as just a database and no more.  So that's how I
>> use it.  I have a similar setup to your #2.  Perhaps that just because I
>> feel most comfortable with that type of setup.  This way I don't burden
>> couch with anything security related.  It just eats and serves docs.  My
>> app tier handles the access control and other tasks like email or any other
>> services over the net that I need to use.
>>
>>
>> On Mar 6, 2013, at 1:27 PM, Wendall Cada <wendallc@83864.com> wrote:
>>
>>> We use couchdb in two configurations.
>>>
>>> 1. As a couchapp serving content for basic consumption. (For a url
>> shortener service)
>>> 2. As a database on localhost behind pylons or pyramid.
>>>
>>> To address the security question. We've been using couchdb for long
>> enough that it didn't have any security when we started using it in
>> production (0.8). Up until recently _users was a somewhat insecure feature.
>> It's only been with the release of 1.2.0 that _users is handled securely.
>>>
>>> For our needs, couchdb still does not have robust enough acls for any of
>> our applications, so for now, it needs to run behind our app servers. I see
>> changes for this on the roadmap, but until this actually happens, couchdb
>> will happily sit on localhost serving docs.
>>>
>>> I'm not sure why it isn't understood that based on it's history, CouchDB
>> has mostly been used as a database. I know people want it to be an app
>> server, but, in my opinion, that's the weakest part of the entire system.
>>>
>>> Wendall
>>>
>>> On 03/06/2013 09:51 AM, Robert Newson wrote:
>>>> "How does everyone solve the security issue?"
>>>>
>>>> What security problem? Only administrators can modify design documents.
>>>>
>>>> B.
>>>>
>>>> On 6 March 2013 11:38, Aurélien Bénel <aurelien.benel@utt.fr> wrote:
>>>>> Hi,
>>>>>
>>>>>> just out of curiosity, would like to hear how CouchDB is being used
>> in your web environment....
>>>>> We have two main setups:
>>>>> - CouchApps,
>>>>> - REST APIs used by heavy clients (Java or Firefox extensions) and
>> attached Web applications.
>>>>>
>>>>>> How does everyone solve the security issue?
>>>>> We always use CouchDB behind a reverse proxy to add LDAP
>> authentication and authorization when needed.
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Aurélien
>
>
> --
> “The limits of language are the limits of one's world. “ - Ludwig von
> Wittgenstein
>
> "Water is fluid, soft and yielding. But water will wear away rock, which is
> rigid and cannot yield. As a rule, whatever is fluid, soft and yielding
> will overcome whatever is rigid and hard. This is another paradox: what is
> soft is strong." - Lao-Tzu

Mime
View raw message