incubator-couchdb-user mailing list archives

From Dan Santner <dansant...@me.com>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Thu, 07 Mar 2013 15:55:33 GMT
Daniel.  That's how I'd do it.  In fact I'm doing something similar and I haven't found any
performance trouble with the views yet. I also don't expect to have more than a few thousand
docs per user and a few thousand users so I'm not real worried about scale.  I think the critical
thing is that you keep that org_id trapped in the app server so the front end can't modify
and get access to another org's data.
On Mar 7, 2013, at 9:37 AM, Daniel Gonzalez <gonvaled@gonvaled.com> wrote:

> Well, if things were always so easy!
> 
> We have this scenario: our webapp has to serve data to different
> organizations (hopefully thousands, if our product sells well). That means
> we cannot partition data in different databases: it would be a maintenance
> nightmare. Can somebody tell me how to:
> 
>   - upgrade the design docs in 1000 databases without going crazy?
>   - How to backup them?
>   - ...
> 
> I mean, the more databases you have, the more complicated maintenance
> becomes. Maybe that can be automated, but it is not easy out of the box.
> 
> Besides, I do not want to implement the following:
> 
>   - new organization signs-up
>   - we create a new database for it
>   - we upload the design documents
>   - we trigger those documents
> 
> I mean, it is probably doable, but I am not walking that path right now.
> So, the only way that I know of in which we can partition the data is by
> having an application server in front of couch: a single database for all
> customers, with access control implemented via view filtering with the
> org_id as key. The user has no direct access to couch.
> 
> On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson <rnewson@apache.org> wrote:
> 
>> Don't grant users access to databases you don't want them to read. :)
>> 
>> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>> 
>> B.
>> 
>> On 6 March 2013 12:33, Mark Hahn <mark@hahnca.com> wrote:
>>> Anyone logged in can read any document in the DB.  I have to check each
>>> user and what they are trying to do to block illegal actions.
>>> 
>>> 
>>> On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnewson@apache.org> wrote:
>>> 
>>>> "How does everyone solve the security issue?"
>>>> 
>>>> What security problem? Only administrators can modify design documents.
>>>> 
>>>> B.
>>>> 
>>>> On 6 March 2013 11:38, Aurélien Bénel <aurelien.benel@utt.fr> wrote:
>>>>> Hi,
>>>>> 
>>>>>> just out of curiosity, would like to hear how CouchDB is being used in your web environment....
>>>>> 
>>>>> We have two main setups:
>>>>> - CouchApps,
>>>>> - REST APIs used by heavy clients (Java or Firefox extensions) and attached Web applications.
>>>>> 
>>>>>> How does everyone solve the security issue?
>>>>> 
>>>>> We always use CouchDB behind a reverse proxy to add LDAP authentication and authorization when needed.
>>>>> 
>>>>> 
>>>>> Regards,
>>>>> 
>>>>> Aurélien
>>>> 
>> 
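
The design discussed in this thread (one database, a view keyed by org_id, and the org_id kept inside the app server) can be sketched as follows. This is an added example, not code from any poster or from CouchDB itself; the database, design document and view names, the session layout, and a map function emitting `[doc.org_id, doc.type]` are assumptions.

```python
import json
from urllib.parse import urlencode

# Hypothetical names: database "app", design doc "tenant", view "by_org";
# its map function is assumed to emit [doc.org_id, doc.type] as the key.
VIEW_PATH = "/app/_design/tenant/_view/by_org"
PASS_THROUGH = {"limit", "skip"}  # the only client values forwarded as-is


def build_view_params(session, client_params):
    """Query parameters for the caller's organization only."""
    org_id = session.get("org_id")  # set by the app server at login
    if not isinstance(org_id, str) or not org_id:
        raise PermissionError("session has no organization")
    # Drops key/startkey/endkey/org_id and anything else the front end sent.
    params = {k: v for k, v in client_params.items() if k in PASS_THROUGH}
    # CouchDB collation sorts objects after strings, so [org_id] .. [org_id, {}]
    # spans every [org_id, <type string>] key and nothing from other orgs.
    low, high = json.dumps([org_id]), json.dumps([org_id, {}])
    if client_params.get("descending") == "true":
        low, high = high, low  # descending reads from the high end of the range
        params["descending"] = "true"
    params.update(startkey=low, endkey=high, include_docs="true")
    return params


def build_view_url(session, client_params):
    return VIEW_PATH + "?" + urlencode(sorted(build_view_params(session, client_params).items()))


def docs_for_org(session, view_response):
    """Defense in depth: return only docs whose org_id matches the session."""
    org_id = session["org_id"]
    docs = [row.get("doc") or {} for row in view_response.get("rows", [])]
    return [d for d in docs if d.get("org_id") == org_id]


# Constructed sample data for illustration.
SESSION = {"user": "alice", "org_id": "org-a"}
TAMPERED = {"org_id": "org-b", "startkey": '["org-b"]', "limit": "10"}
RESPONSE = {"rows": [
    {"key": ["org-a", "invoice"], "doc": {"_id": "1", "org_id": "org-a"}},
    {"key": ["org-b", "invoice"], "doc": {"_id": "2", "org_id": "org-b"}},
]}

if __name__ == "__main__":
    print(build_view_url(SESSION, TAMPERED))
    print(docs_for_org(SESSION, RESPONSE))
```

The tenant boundary here holds only while clients cannot reach CouchDB directly, which is the condition stated in the thread.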

