Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AF2B5DB9C for ; Wed, 6 Mar 2013 22:18:17 +0000 (UTC) Received: (qmail 50229 invoked by uid 500); 6 Mar 2013 22:18:14 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 50183 invoked by uid 500); 6 Mar 2013 22:18:14 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 50072 invoked by uid 99); 6 Mar 2013 22:18:14 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Mar 2013 22:18:14 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.85.128.171] (HELO mail-ve0-f171.google.com) (209.85.128.171) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Mar 2013 22:18:10 +0000 Received: by mail-ve0-f171.google.com with SMTP id b10so7131597vea.2 for ; Wed, 06 Mar 2013 14:17:49 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type:x-gm-message-state; bh=YzgR9menyZre+JrAiw8UjpWkNYQAxKIRGUGmICHrO8I=; b=OGk1iD71Kdq1ZNO1lUXWO8ejDMO5MqY1nB7yVT8a7z2ZL8zwTIZWp6xAykPXS2kOPp +cECIaQ+ks8kXmWSwDxTcWoZ7JGl3jjDDXR5E+Oo/bFpGSquWe2Duj2Fg90MIbcA8ZYr FkM1i2IkxfJmec2nRpjNuZ48qLAWBRaZNy7GQqZHyzh40YDkdk7GB5Yf2uhWMdJe7x69 t8mtNQYN9u+wMdSVzlXArVW9uHKFwKy2g+MX99sExkKgLbO/UxyaZNZuC+H+EKKfGeD1 auuJBWYLXhTEhqAYqlylkMgRvMET/KQkMdO+IInAFTHO/WjfOTR3j7gtWAEQujHY8Dd5 sQ0g== MIME-Version: 1.0 X-Received: by 10.58.19.232 with SMTP id i8mr12133564vee.53.1362608269223; Wed, 06 Mar 2013 14:17:49 -0800 (PST) Received: by 10.58.76.5 with HTTP; Wed, 6 Mar 2013 14:17:48 -0800 (PST) In-Reply-To: References: <513798AC.5090107@83864.com> <6B3AF255-3F9E-4B3C-95FB-71F50AF5DE60@me.com> <20130306233749.772c752f@svilendobrev.com> Date: Wed, 6 Mar 2013 23:17:48 +0100 Message-ID: Subject: Re: Curiosity how you use CouchDB in your web env. From: Dale Harvey To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=047d7b86f2ecdafe1404d748f5ce X-Gm-Message-State: ALoCoQlnoWGd38veNYMl1JzWmlQYM+X0NQ7xavTDrWgrnwRmGm2J2X3huYuY/yWcWapnmr0Llhfi X-Virus-Checked: Checked by ClamAV on apache.org --047d7b86f2ecdafe1404d748f5ce Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable After a long time trying to bend CouchApps into what I wanted it do it, I have eventually given up and now pretty much all my applications are webapps served from a plain webserver and talk to either couch directly or via some application logic written node Also I will be at SXSW picking up my badge next week, so see you there :) On 6 March 2013 22:59, David Rose wrote: > My most recent app, which we're using at SXSW for badge pickup, is a pure > CouchApp. If you're at SXSW, try and find me and I'll show it to you. Or, > look over the counter when you come pick up your badge. > > -David Rose > SXSW > > > On Wed, Mar 6, 2013 at 3:37 PM, svilen wrote: > > > i'm trying to use couchdb as user-facing storage, message > > transport, as well as authentication. All changes=3Dsignals are handled > > via secondary pub-sub-dispatcher in python (somewhat like syncpoint). > > Clients replicate and talk to their own copies mostly. > > Still no escape from extra webapp/python layer - to click on the link > > in the confirmation email, accounts and all that webapp. Mostly > > achieving same fuctionality being triggered both via http as well > > as document-changes. i'm staying away from js although i do generate th= e > > js, java, objC, .. for models or view map/reduce funcs. Haven't put > > any thought on further scaling or wrapping. or validation of > > FiniteStateMachines that the app has turned into. or.. Maintenance. > > > > Though i'm quite stretched... as authentication is not > > well exampled, does not easy fit the > > multiple-changeable-keysets-per-user reality, and only plain > > usr/psw is 100% supported in mobile touchdb replications. > > > > but ce-la-vie. will invent something.. > > > > svil > > www.svilendobrev.com/rabota/ > > > > On Wed, 6 Mar 2013 15:20:29 -0500 > > Simon de boer wrote: > > > > > It would be great to take out the application layer, but the need for > > > more Authorization controls in a relatively straight forward manner > > > would be key to having this work. > > > > > > There are many use cases where data for one user should be completely > > > impossible to access by another user. And the more complex case of > > > some data being conditionally private, ex. my friends can see my emai= l > > > address, but it is private for all other users. > > > > > > Not only do these sort of inter-connections require more authorizatio= n > > > capability, but might require extreme engineering in order to wedge > > > them into the CouchDB paradigm. > > > > > > The other option is that some requests go direct to CouchDB, as in th= e > > > public items, but other items go through the application. Which is > > > entirely viable, but you would be have be working at such a scale to > > > make the overhead of maintaining this setup worthwhile. > > > > > > FWIW: I use a heavy Javascript client, Rails (Apache + Passenger), > > > MemCache, with data migrating on a feature by feature basis from MySQ= L > > > and to CouchDB. The eventual plan is to move to a much thinner > > > Application Server with data backed by Redis and CouchDB. > > > > > > On Wed, Mar 6, 2013 at 3:05 PM, Sean Copenhaver > > > wrote: > > > > I've made a site that was only a couchapp and enjoyed the > > > > experience quite a bit. I've also used it for internal tooling to > > > > store data and to host mini couchapps for search or utility pages. > > > > > > > > In all cases though security of data (at least I didn't care who > > > > could read the data) was not a requirement and I've greatly > > > > enjoyed my experiences. I would love to play around with gardener > > > > along with an OS daemon to try a tightly coupled nodejs + couchdb > > > > setup. Would also love to see CouchDB hosts to offer such things as > > > > well. > > > > > > > > > > > > > > > > On Wed, Mar 6, 2013 at 2:51 PM, Dan Santner > > > > wrote: > > > > > > > >> I think it's brilliant as just a database and no more. So that's > > > >> how I use it. I have a similar setup to your #2. Perhaps that > > > >> just because I feel most comfortable with that type of setup. > > > >> This way I don't burden couch with anything security related. It > > > >> just eats and serves docs. My app tier handles the access control > > > >> and other tasks like email or any other services over the net that > > > >> I need to use. > > > >> > > > >> > > > >> On Mar 6, 2013, at 1:27 PM, Wendall Cada > > > >> wrote: > > > >> > > > >> > We use couchdb in two configurations. > > > >> > > > > >> > 1. As a couchapp serving content for basic consumption. (For a > > > >> > url > > > >> shortener service) > > > >> > 2. As a database on localhost behind pylons or pyramid. > > > >> > > > > >> > To address the security question. We've been using couchdb for > > > >> > long > > > >> enough that it didn't have any security when we started using it i= n > > > >> production (0.8). Up until recently _users was a somewhat insecure > > > >> feature. It's only been with the release of 1.2.0 that _users is > > > >> handled securely. > > > >> > > > > >> > For our needs, couchdb still does not have robust enough acls > > > >> > for any of > > > >> our applications, so for now, it needs to run behind our app > > > >> servers. I see changes for this on the roadmap, but until this > > > >> actually happens, couchdb will happily sit on localhost serving > > > >> docs. > > > >> > > > > >> > I'm not sure why it isn't understood that based on it's history, > > > >> > CouchDB > > > >> has mostly been used as a database. I know people want it to be an > > > >> app server, but, in my opinion, that's the weakest part of the > > > >> entire system. > > > >> > > > > >> > Wendall > > > >> > > > > >> > On 03/06/2013 09:51 AM, Robert Newson wrote: > > > >> >> "How does everyone solve the security issue?" > > > >> >> > > > >> >> What security problem? Only administrators can modify design > > > >> >> documents. > > > >> >> > > > >> >> B. > > > >> >> > > > >> >> On 6 March 2013 11:38, Aur=E9lien B=E9nel > > > >> >> wrote: > > > >> >>> Hi, > > > >> >>> > > > >> >>>> just out of curiosity, would like to hear how CouchDB is > > > >> >>>> being used > > > >> in your web environment.... > > > >> >>> We have two main setups: > > > >> >>> - CouchApps, > > > >> >>> - REST APIs used by heavy clients (Java or Firefox extensions) > > > >> >>> and > > > >> attached Web applications. > > > >> >>> > > > >> >>>> How does everyone solve the security issue? > > > >> >>> We always use CouchDB behind a reverse proxy to add LDAP > > > >> authentication and authorization when needed. > > > >> >>> > > > >> >>> > > > >> >>> Regards, > > > >> >>> > > > >> >>> Aur=E9lien > > > >> > > > > >> > > > >> > > > > > > > > > > > > -- > > > > =93The limits of language are the limits of one's world. =93 - Ludw= ig > > > > von Wittgenstein > > > > > > > > "Water is fluid, soft and yielding. But water will wear away rock, > > > > which is rigid and cannot yield. As a rule, whatever is fluid, soft > > > > and yielding will overcome whatever is rigid and hard. This is > > > > another paradox: what is soft is strong." - Lao-Tzu > > > > > > > > > > > > -- > > > Become the head coach with InGamer Sports! > > > http://www.InGamer.com/ > > > > > > Simon de Boer > > > 519-400-4774 > > > --047d7b86f2ecdafe1404d748f5ce--