incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Dingwall <james.dingw...@zynstra.com>
Subject Re: Enforcing creating documents using an update handler in a CouchApp
Date Fri, 28 Feb 2014 08:56:12 GMT
Pascal Dennerly wrote:
> I've been struggling with how I might lock down PUT and POST to a DB so I
> can enforce a model. Now using an update handler would be ideal, but I'm
> struggling to find a way of preventing changes to documents directly.
>
> If validation_doc_update had context about the request, I could block any
> requests that didn't come through an update handler there.
>
> Does anyone have any ideas how to do this? Am I missing something?
With a proxy in front of CouchDB you can limit the HTTP verbs which will 
be passed through therefore preventing PUTs.  To restrict POST you could 
force everything through a _rewrite on the design document and only 
allow POST requests when the url matches 
^/<db>/_design/<ddoc>/_rewrite/<stuff>.

James

Mime
View raw message