Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AB6C5E4DC for ; Thu, 7 Mar 2013 17:55:06 +0000 (UTC) Received: (qmail 1717 invoked by uid 500); 7 Mar 2013 17:55:05 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 1663 invoked by uid 500); 7 Mar 2013 17:55:05 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 1654 invoked by uid 99); 7 Mar 2013 17:55:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Mar 2013 17:55:05 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of timatbeat@gmail.com designates 209.85.223.172 as permitted sender) Received: from [209.85.223.172] (HELO mail-ie0-f172.google.com) (209.85.223.172) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Mar 2013 17:55:01 +0000 Received: by mail-ie0-f172.google.com with SMTP id c10so910485ieb.17 for ; Thu, 07 Mar 2013 09:54:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=LhjeZgQP6j2AF5DM7NhVKkDVaaQq1PRuvFtDBrowjG0=; b=fWLuEFxtNwNmcfoRDwA8wz/wM34CH5qxJqOb9Y3lWDTQKSySVxmcwioFAEdDlZniuL Z904gFWrP0N9k1OX8cOPB06dFjUlJTX8GJOP8rHxJnpj8MoQUal937xbwDfbj0F/Q/GB +RPlNPWPW95FevtqYqZMRIdK9GL+A28/jWINCBEOLr1y5Pps53wRq2E/JM3qoQmoz3WU EgpAeVvwtkb0H/eUagVPPbCNQWcdGU0YAv+vHHRmYdldw+k8T9kd7y7qzd/XytbH1FeA Z8GzZKXoCixST9HZy+hGk1JaICTwaixtMpfzie7h3UJb2nAbcptjy5f+76UIEM18GWi8 kvqA== MIME-Version: 1.0 X-Received: by 10.42.136.67 with SMTP id s3mr35229666ict.31.1362678876021; Thu, 07 Mar 2013 09:54:36 -0800 (PST) Received: by 10.64.100.130 with HTTP; Thu, 7 Mar 2013 09:54:35 -0800 (PST) In-Reply-To: <4223E3E8-E3C4-46C3-9B84-DBABFC00A836@yahoo.com> References: <20130307175739.6ef25c40@svilendobrev.com> <4223E3E8-E3C4-46C3-9B84-DBABFC00A836@yahoo.com> Date: Thu, 7 Mar 2013 11:54:35 -0600 Message-ID: Subject: Re: Curiosity how you use CouchDB in your web env. From: Tim Anderson To: "user@couchdb.apache.org" Content-Type: multipart/alternative; boundary=90e6ba6e8b9c5957c304d75966ad X-Virus-Checked: Checked by ClamAV on apache.org --90e6ba6e8b9c5957c304d75966ad Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Anybody using couchdb as data layer with Grails? On Thu, Mar 7, 2013 at 11:38 AM, Jeff Charette wrote: > I use pure couchapps backed by node processes for transactions. > I use kanso to manage my couchapps. May switch to just grunt and manage > packages on npm. > > For security everything goes through rewrites then design doc shows, > lists, updates. This messes up my ability to upload attachments since I > need secure_rewrites. I am currently working through the database per us= er > setup as well. > > Also would love to hear how people are using externals. I am passing > transactions request directly to externals then to node, but have only be= en > able to do GET request. Finally, I set the state of a document on couch > when the node process is complete. I do have a question of how people ar= e > authenticating back to couchdb. Is the AuthSession cookie enough? > > Jeff Charette | Principal > We Are Charette > web / identity / packaging > > m 415.298.2707 > w wearecharette.com > e jeffrey@wearecharette.com > > On Mar 7, 2013, at 10:57 AM, svilen wrote: > > > probably, for going this way, one might use non-blocking > > long_poll webframework like python/Tornado to wrap couchdb > > replication/changes feed too. Thus something like > > http:(someuserauth)//appserver/mychannel can route to couchdb's > > changes for that database - or even aggregation - for that user even > > if notion of user is not at all couchdb's one. > > haven't tried it though. > > > > On Fri, 8 Mar 2013 00:47:38 +0900 > > TAE JIN KIM wrote: > > > >> Daniel, > >> > >> So basically, what you r saying is that you put application layer in > >> front of couch, so user no direct access to the couch.. Right?..I > >> think you did pretty much similar thing #2 in my original post... > >> BTW, just out of curiosity, by doing this, any performance > >> degradation / or any trouble stuff you may have to face with > >> something you might had not expected at all ?... > >> > >> Thanks, > >> > >>> From: gonvaled@gonvaled.com > >>> Date: Thu, 7 Mar 2013 16:37:36 +0100 > >>> Subject: Re: Curiosity how you use CouchDB in your web env. > >>> To: user@couchdb.apache.org > >>> > >>> Well, if things were always so easy! > >>> > >>> We have this scenario: our webapp has to server data to different > >>> organizations (hopefully thousands, if our product sells well). > >>> That means we can not partition data in different databases: it > >>> would be a maintenance nightmare. can somebody tell me how to: > >>> > >>> - upgrade the design docs in 1000 databases without going crazy? > >>> - How to backup them? > >>> - ... > >>> > >>> I mean, the more databases you have, the more complicated > >>> maintenance becomes. Maybe that can be automated, but it is not > >>> easy out of the box. > >>> > >>> Besides, I do not want to implement the following: > >>> > >>> - new organization signs-up > >>> - we create a new database for it > >>> - we upload the design documens > >>> - we trigger those documents > >>> > >>> I mean, it is probably doable, but I am not walking that path right > >>> now. So, the only way that I know of in which we can partition the > >>> data is by having an application server in front of couch: a single > >>> database for all customers, with access control implemented via > >>> view filtering with the org_id as key. The user has no direct > >>> access to couch. > >>> > >>> On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson > >>> wrote: > >>> > >>>> Don't grant users access to databases you don't want them to > >>>> read. :) > >>>> > >>>> > http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization > >>>> > >>>> B. > >>>> > >>>> On 6 March 2013 12:33, Mark Hahn wrote: > >>>>> Anyone logged in can read any document in the DB. I have to > >>>>> check each user and what they are trying to do to block illegal > >>>>> actions. > >>>>> > >>>>> > >>>>> On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson > >>>>> > >>>> wrote: > >>>>> > >>>>>> "How does everyone solve the security issue?" > >>>>>> > >>>>>> What security problem? Only administrators can modify design > >>>>>> documents. > >>>>>> > >>>>>> B. > >>>>>> > >>>>>> On 6 March 2013 11:38, Aur=E9lien B=E9nel > >>>>>> wrote: > >>>>>>> Hi, > >>>>>>> > >>>>>>>> just out of curiosity, would like to hear how CouchDB is > >>>>>>>> being used > >>>> in > >>>>>> your web environment.... > >>>>>>> > >>>>>>> We have two main setups: > >>>>>>> - CouchApps, > >>>>>>> - REST APIs used by heavy clients (Java or Firefox > >>>>>>> extensions) and > >>>>>> attached Web applications. > >>>>>>> > >>>>>>>> How does everyone solve the security issue? > >>>>>>> > >>>>>>> We always use CouchDB behind a reverse proxy to add LDAP > >>>> authentication > >>>>>> and authorization when needed. > >>>>>>> > >>>>>>> > >>>>>>> Regards, > >>>>>>> > >>>>>>> Aur=E9lien > >>>>>> > >>>> > >> > > --90e6ba6e8b9c5957c304d75966ad--