incubator-couchdb-user mailing list archives

From Simon de boer <>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Wed, 06 Mar 2013 20:20:29 GMT
It would be great to take out the application layer, but the need for
more Authorization controls in a relatively straightforward manner
would be key to having this work.

There are many use cases where data for one user should be completely
impossible to access by another user.  And the more complex case of
some data being conditionally private, ex. my friends can see my email
address, but it is private for all other users.

Not only do these sorts of inter-connections require more authorization
capability, but might require extreme engineering in order to wedge
them into the CouchDB paradigm.

The other option is that some requests go direct to CouchDB, as in the
public items, but other items go through the application.  Which is
entirely viable, but you would have to be working at such a scale to
make the overhead of maintaining this setup worthwhile.

FWIW: I use a heavy JavaScript client, Rails (Apache + Passenger),
MemCache, with data migrating on a feature by feature basis from MySQL
to CouchDB.  The eventual plan is to move to a much thinner
Application Server with data backed by Redis and CouchDB.

On Wed, Mar 6, 2013 at 3:05 PM, Sean Copenhaver
<> wrote:
> I've made a site that was only a couchapp and enjoyed the experience quite
> a bit. I've also used it for internal tooling to store data and to host
> mini couchapps for search or utility pages.
> In all cases though security of data (at least I didn't care who could read
> the data)  was not a requirement and I've greatly enjoyed my experiences. I
> would love to play around with gardener along with an OS daemon to try a
> tightly coupled nodejs + couchdb setup. Would also love to see CouchDB
> hosts to offer such things as well.
> On Wed, Mar 6, 2013 at 2:51 PM, Dan Santner <> wrote:
>> I think it's brilliant as just a database and no more.  So that's how I
>> use it.  I have a similar setup to your #2.  Perhaps that's just because I
>> feel most comfortable with that type of setup.  This way I don't burden
>> couch with anything security related.  It just eats and serves docs.  My
>> app tier handles the access control and other tasks like email or any other
>> services over the net that I need to use.
>> On Mar 6, 2013, at 1:27 PM, Wendall Cada <> wrote:
>> > We use couchdb in two configurations.
>> >
>> > 1. As a couchapp serving content for basic consumption. (For a url
>> > shortener service)
>> > 2. As a database on localhost behind pylons or pyramid.
>> >
>> > To address the security question. We've been using couchdb for long
>> > enough that it didn't have any security when we started using it in
>> > production (0.8). Up until recently _users was a somewhat insecure feature.
>> > It's only been with the release of 1.2.0 that _users is handled securely.
>> >
>> > For our needs, couchdb still does not have robust enough acls for any of
>> > our applications, so for now, it needs to run behind our app servers. I see
>> > changes for this on the roadmap, but until this actually happens, couchdb
>> > will happily sit on localhost serving docs.
>> >
>> > I'm not sure why it isn't understood that based on its history, CouchDB
>> > has mostly been used as a database. I know people want it to be an app
>> > server, but, in my opinion, that's the weakest part of the entire system.
>> >
>> > Wendall
>> >
>> > On 03/06/2013 09:51 AM, Robert Newson wrote:
>> >> "How does everyone solve the security issue?"
>> >>
>> >> What security problem? Only administrators can modify design documents.
>> >>
>> >> B.
>> >>
>> >> On 6 March 2013 11:38, Aurélien Bénel <> wrote:
>> >>> Hi,
>> >>>
>> >>>> just out of curiosity, would like to hear how CouchDB is being used
>> >>>> in your web environment....
>> >>> We have two main setups:
>> >>> - CouchApps,
>> >>> - REST APIs used by heavy clients (Java or Firefox extensions) and
>> >>> attached Web applications.
>> >>>
>> >>>> How does everyone solve the security issue?
>> >>> We always use CouchDB behind a reverse proxy to add LDAP
>> >>> authentication and authorization when needed.
>> >>>
>> >>>
>> >>> Regards,
>> >>>
>> >>> Aurélien
>> >
> --
> “The limits of language are the limits of one's world.” - Ludwig von
> Wittgenstein
> "Water is fluid, soft and yielding. But water will wear away rock, which is
> rigid and cannot yield. As a rule, whatever is fluid, soft and yielding
> will overcome whatever is rigid and hard. This is another paradox: what is
> soft is strong." - Lao-Tzu

Become the head coach with InGamer Sports!

Simon de Boer
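
The conditionally private case from the message above (friends can see an email address, nobody else can), sketched as an application-tier filter applied to a document after it is fetched from CouchDB. This is an added example, not code from any poster in the thread; the document shape, the `visibility` labels and the function names are assumptions.

```javascript
// Assumed (hypothetical) document shape, not a CouchDB convention:
//   { _id, owner, friends: [user, ...],
//     fields: { <name>: { value, visibility: "public"|"friends"|"private" } } }
const VISIBILITY_RANK = { public: 0, friends: 1, private: 2 };

// Highest visibility tier this requester may read on this document.
// A missing or anonymous requester only ever gets the public tier.
function clearanceFor(doc, requester) {
  if (requester && requester === doc.owner) return VISIBILITY_RANK.private;
  if (requester && Array.isArray(doc.friends) && doc.friends.includes(requester)) {
    return VISIBILITY_RANK.friends;
  }
  return VISIBILITY_RANK.public;
}

// Rank for a field; unknown, missing or malformed labels fail closed to private.
function rankOf(field) {
  const label = field && field.visibility;
  return Object.prototype.hasOwnProperty.call(VISIBILITY_RANK, label)
    ? VISIBILITY_RANK[label]
    : VISIBILITY_RANK.private;
}

// Build the response copy: only fields at or below the requester's clearance.
// The friends list itself is never returned, so it cannot leak relationships.
function redactForRequester(doc, requester) {
  const clearance = clearanceFor(doc, requester);
  const visible = {};
  for (const [name, field] of Object.entries(doc.fields || {})) {
    if (rankOf(field) <= clearance) visible[name] = field.value;
  }
  return { _id: doc._id, owner: doc.owner, fields: visible };
}

// Constructed sample document for illustration.
const sampleProfile = {
  _id: "profile:alice",
  owner: "alice",
  friends: ["bob"],
  fields: {
    displayName: { value: "Alice", visibility: "public" },
    email: { value: "alice@example.org", visibility: "friends" },
    recoveryPhone: { value: "555-0100", visibility: "private" },
    nickname: { value: "Al", visibility: "everyone" } // unknown label: private
  }
};
```

The filter only holds if clients cannot reach CouchDB directly for these documents, which is the split the message describes: public items served straight from CouchDB, everything else through the application.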
