Return-Path: 
 <user-return-26503-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A502010A69
	for <apmail-couchdb-user-archive@www.apache.org>;
 Wed,  1 Jan 2014 23:27:42 +0000 (UTC)
Received: (qmail 30547 invoked by uid 500); 1 Jan 2014 23:27:41 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 30510 invoked by uid 500); 1 Jan 2014 23:27:41 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 30501 invoked by uid 99); 1 Jan 2014 23:27:41 -0000
Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Jan 2014 23:27:41 +0000
Received: from localhost (HELO [192.168.1.4]) (127.0.0.1)
  (smtp-auth username rnewson, mechanism plain)
  by minotaur.apache.org (qpsmtpd/0.29) with ESMTP;
 Wed, 01 Jan 2014 23:27:40 +0000
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
Subject: Re: Disabling doc include
From: Robert Newson <rnewson@apache.org>
In-Reply-To: <ACE57B78-1CE5-4D4F-AAB5-032415799F52@couchbase.com>
Date: Wed, 1 Jan 2014 23:27:41 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <0C582CB4-CAA4-4BB4-A4EB-9529E177F0C9@apache.org>
References: <52C28C30.7010809@meredrica.org>
 <CAHdjipKDnJL=FMsB9LFzLR2oLTLV6n-+5rc_G06+XX_Y1J-m1w@mail.gmail.com>
 <52C291F9.80708@meredrica.org>
 <ACE57B78-1CE5-4D4F-AAB5-032415799F52@couchbase.com>
To: user <user@couchdb.apache.org>
X-Mailer: Apple Mail (2.1827)

"there=92s no notion of read-protection in CouchDB."

There=92s no document level read protection, but you can certainly grant =
or deny read access to users on a per database basis. That=92s by design =
due to the ease that information could leak out through views =
(particularly reduce views). The restrictive proxy approach is brittle, =
it requires that you know all the URL patterns to block and keep them up =
to date when you upgrade CouchDB. It can work, it=92s just not awesome.

B.

 .

On 1 Jan 2014, at 20:47, Jens Alfke <jens@couchbase.com> wrote:

>=20
> On Dec 31, 2013, at 1:44 AM, meredrica <stuff@meredrica.org> wrote:
>=20
>> I expose CouchDB directly to mobile clients and wanted to hide some=20=

>> information from them.
>=20
> You can=92t really do that; there=92s no notion of read-protection in =
CouchDB.
> As a workaround you can put CouchDB behind a proxy or gateway, and =
restrict the URL patterns that clients are allowed to send.
>=20
> =97Jens
>=20