Subject: Re: Disabling doc include
From: "Florian Westreicher Bakk.techn."
Date: Thu, 02 Jan 2014 20:33:10 +0100
To: user@couchdb.apache.org

List functions are bad for performance since they are evaluated every time they run. I wanted to avoid them and use views (disk storage is cheap, CPU is not).

Stanley Iriele wrote:
> Correct me if I'm wrong here... If every doc had some meta info with it... And every URL rewrite went to a show or list function... couldn't you use the sec object passed on the request object to get what you want?... Or pass in some application level user credentials... Granted that doesn't sound very elegant
>
> On Jan 2, 2014 7:22 AM, "Robert Newson" wrote:
>
>> It doesn’t achieve the same effect, though, the virtual host + url rewriter is not an access control mechanism. You’re still granting database-wide read permissions to the user.
>>
>> B.
>>
>> On 2 Jan 2014, at 09:09, Florian Westreicher Bakk.techn. <stuff@meredrica.org> wrote:
>>
>> > I put a design doc behind a desk record / virtual host, that should do the trick. The user that is used by the app is read only
>> >
>> > Robert Newson wrote:
>> >> "there’s no notion of read-protection in CouchDB."
>> >>
>> >> There’s no document level read protection, but you can certainly grant or deny read access to users on a per database basis. That’s by design due to the ease that information could leak out through views (particularly reduce views). The restrictive proxy approach is brittle, it requires that you know all the URL patterns to block and keep them up to date when you upgrade CouchDB. It can work, it’s just not awesome.
>> >>
>> >> B.
>> >>
>> >> On 1 Jan 2014, at 20:47, Jens Alfke wrote:
>> >>
>> >>> On Dec 31, 2013, at 1:44 AM, meredrica wrote:
>> >>>
>> >>>> I expose CouchDB directly to mobile clients and wanted to hide some information from them.
>> >>>
>> >>> You can’t really do that; there’s no notion of read-protection in CouchDB.
>> >>> As a workaround you can put CouchDB behind a proxy or gateway, and restrict the URL patterns that clients are allowed to send.
>> >>>
>> >>> —Jens
>> >
>> > --
>> > Sent from Kaiten Mail. Please excuse my brevity.

--
Sent from Kaiten Mail. Please excuse my brevity.
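
The gateway workaround discussed in this thread, sketched as a default-deny allowlist so that URL patterns unknown to the filter are refused rather than needing to be enumerated and blocked. This is an added example, not code from any participant or from CouchDB; the database `app`, design document `mobile`, the two view names and the `is_allowed` helper are assumptions, and the filter complements per-database read permissions rather than replacing them.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed names for illustration: database "app", design doc "mobile".
# Raw request paths are compared exactly, so percent-encoded or
# trailing-slash variants of an allowed path are refused.
ALLOWED_VIEWS = {
    "/app/_design/mobile/_view/by_user",
    "/app/_design/mobile/_view/public_feed",
}

# View query parameters clients may send. include_docs is deliberately
# absent, so a view can only return what its map function emitted.
ALLOWED_PARAMS = {
    "key", "startkey", "endkey", "limit",
    "skip", "descending", "reduce", "group",
}


def is_allowed(method: str, url: str) -> bool:
    """Return True only for GET requests to an allowlisted view whose
    query string contains nothing but allowlisted parameter names."""
    if method.upper() != "GET":
        return False
    parts = urlsplit(url)
    if parts.netloc or parts.path not in ALLOWED_VIEWS:
        return False
    # parse_qsl decodes names, so "include%5Fdocs" is seen as include_docs;
    # keep_blank_values keeps bare names such as "?include_docs".
    params = parse_qsl(parts.query, keep_blank_values=True)
    return all(name in ALLOWED_PARAMS for name, _ in params)


def audit(requests):
    """Map each (method, url) pair to 'allow' or 'deny'."""
    return [(m, u, "allow" if is_allowed(m, u) else "deny") for m, u in requests]


if __name__ == "__main__":
    # Constructed sample requests.
    sample = [
        ("GET", "/app/_design/mobile/_view/by_user?key=%22alice%22&limit=10"),
        ("GET", "/app/_design/mobile/_view/by_user?include_docs=true"),
        ("GET", "/app/_all_docs"),
        ("POST", "/app/_design/mobile/_view/by_user"),
    ]
    for method, url, verdict in audit(sample):
        print(f"{verdict:5} {method} {url}")
```
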