Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5C91CEC39 for ; Thu, 7 Mar 2013 15:58:09 +0000 (UTC) Received: (qmail 64488 invoked by uid 500); 7 Mar 2013 15:58:07 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 64434 invoked by uid 500); 7 Mar 2013 15:58:07 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 64422 invoked by uid 99); 7 Mar 2013 15:58:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Mar 2013 15:58:07 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [91.195.24.3] (HELO mail.open.bg) (91.195.24.3) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Mar 2013 15:58:03 +0000 Received: from [78.83.22.128] (port=39072 helo=localhost.localdomain) by mail.open.bg with esmtpsa (Cipher SSL3.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) id 1UDdCO-00074d-Rg by authid with login for ; Thu, 07 Mar 2013 17:57:40 +0200 Date: Thu, 7 Mar 2013 17:57:39 +0200 From: svilen To: user@couchdb.apache.org Subject: Re: Curiosity how you use CouchDB in your web env. Message-ID: <20130307175739.6ef25c40@svilendobrev.com> In-Reply-To: References: X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.13; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org probably, for going this way, one might use non-blocking long_poll webframework like python/Tornado to wrap couchdb replication/changes feed too. Thus something like http:(someuserauth)//appserver/mychannel can route to couchdb's changes for that database - or even aggregation - for that user even if notion of user is not at all couchdb's one. haven't tried it though. On Fri, 8 Mar 2013 00:47:38 +0900 TAE JIN KIM wrote: > Daniel, >=20 > So basically, what you r saying is that you put application layer in > front of couch, so user no direct access to the couch.. Right?..I > think you did pretty much similar thing #2 in my original post... > BTW, just out of curiosity, by doing this, any performance > degradation / or any trouble stuff you may have to face with > something you might had not expected at all ?... >=20 > Thanks, >=20 > > From: gonvaled@gonvaled.com > > Date: Thu, 7 Mar 2013 16:37:36 +0100 > > Subject: Re: Curiosity how you use CouchDB in your web env. > > To: user@couchdb.apache.org > >=20 > > Well, if things were always so easy! > >=20 > > We have this scenario: our webapp has to server data to different > > organizations (hopefully thousands, if our product sells well). > > That means we can not partition data in different databases: it > > would be a maintenance nightmare. can somebody tell me how to: > >=20 > > - upgrade the design docs in 1000 databases without going crazy? > > - How to backup them? > > - ... > >=20 > > I mean, the more databases you have, the more complicated > > maintenance becomes. Maybe that can be automated, but it is not > > easy out of the box. > >=20 > > Besides, I do not want to implement the following: > >=20 > > - new organization signs-up > > - we create a new database for it > > - we upload the design documens > > - we trigger those documents > >=20 > > I mean, it is probably doable, but I am not walking that path right > > now. So, the only way that I know of in which we can partition the > > data is by having an application server in front of couch: a single > > database for all customers, with access control implemented via > > view filtering with the org_id as key. The user has no direct > > access to couch. > >=20 > > On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson > > wrote: > >=20 > > > Don't grant users access to databases you don't want them to > > > read. :) > > > > > > http://wiki.apache.org/couchdb/Security_Features_Overview#Authorizati= on > > > > > > B. > > > > > > On 6 March 2013 12:33, Mark Hahn wrote: > > > > Anyone logged in can read any document in the DB. I have to > > > > check each user and what they are trying to do to block illegal > > > > actions. > > > > > > > > > > > > On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson > > > > > > > wrote: > > > > > > > >> "How does everyone solve the security issue?" > > > >> > > > >> What security problem? Only administrators can modify design > > > >> documents. > > > >> > > > >> B. > > > >> > > > >> On 6 March 2013 11:38, Aur=C3=A9lien B=C3=A9nel > > > >> wrote: > > > >> > Hi, > > > >> > > > > >> >> just out of curiosity, would like to hear how CouchDB is > > > >> >> being used > > > in > > > >> your web environment.... > > > >> > > > > >> > We have two main setups: > > > >> > - CouchApps, > > > >> > - REST APIs used by heavy clients (Java or Firefox > > > >> > extensions) and > > > >> attached Web applications. > > > >> > > > > >> >> How does everyone solve the security issue? > > > >> > > > > >> > We always use CouchDB behind a reverse proxy to add LDAP > > > authentication > > > >> and authorization when needed. > > > >> > > > > >> > > > > >> > Regards, > > > >> > > > > >> > Aur=C3=A9lien > > > >> > > > > =20