Return-Path: 
 <user-return-27732-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6EB9111D5E
	for <apmail-couchdb-user-archive@www.apache.org>;
 Fri, 20 Jun 2014 09:17:19 +0000 (UTC)
Received: (qmail 23307 invoked by uid 500); 20 Jun 2014 09:17:18 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 23234 invoked by uid 500); 20 Jun 2014 09:17:18 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 23222 invoked by uid 99); 20 Jun 2014 09:17:17 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jun 2014 09:17:17 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of martin.minka@gmail.com
 designates 209.85.215.47 as permitted sender)
Received: from [209.85.215.47] (HELO mail-la0-f47.google.com) (209.85.215.47)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jun 2014 09:17:15 +0000
Received: by mail-la0-f47.google.com with SMTP id s18so2162198lam.20
        for <user@couchdb.apache.org>; Fri, 20 Jun 2014 02:16:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=UYAtgvpAWudFcO6uXb0y46kktHEYQ5OLR66leL3x/aI=;
        b=eZMTJ/OvBZswPJ3D37RVTxrOC2vyg4eSeYmXsRLTWyOyYGnsCk//NoaqYOxhW3LnIg
         J56kS2t0kK3/6jaDKN+2fMZAc9vANDPzRbtcOiQpJhvwFQO19wqqBZpyp0knmQtIRp4s
         XxMF1BmHJOaopF+IqyNOujFkKgut9H76yPJtPgyKytB004Am+hrHLQLtaCJgjWjJGVAl
         j0sNc8RLGgDYOTqwkqX3rPxEZnTgjkAWVFKj7S5Mx/59ZV3JAbzdAUu79vxnt2h79VjV
         IW4vUTL3HyYrO4cfc3KtA55IPrfVF+JaspcJykzowaoFJwH/g4dJ7lR1QACmgkspiTRh
         jzjw==
MIME-Version: 1.0
X-Received: by 10.152.28.194 with SMTP id d2mr1692939lah.25.1403255811502;
 Fri, 20 Jun 2014 02:16:51 -0700 (PDT)
Received: by 10.112.124.198 with HTTP; Fri, 20 Jun 2014 02:16:51 -0700 (PDT)
In-Reply-To: 
 <CA+bwPGkb9P6PupDXRv85cm775esyH-bUuQbJMWLKv=XS7chH6g@mail.gmail.com>
References: 
 <CAESpMSJiLdhGK2kmHqbjNd_Y1gtsBj1+TzODs=W7yZ1HDEE=HA@mail.gmail.com>
	<CA+bwPGkb9P6PupDXRv85cm775esyH-bUuQbJMWLKv=XS7chH6g@mail.gmail.com>
Date: Fri, 20 Jun 2014 11:16:51 +0200
Message-ID: 
 <CAESpMS+jyjgUnRvj6dxJdTck3j-k2xBpjSV1OYGxHuJBY-3KJA@mail.gmail.com>
Subject: Re: CouchDB returning data filtered by userCtx.name
From: Martin Minka <martin.minka@gmail.com>
To: user@couchdb.apache.org
Content-Type: multipart/alternative; boundary=089e0160b4202d490304fc40f406
X-Virus-Checked: Checked by ClamAV on apache.org

--089e0160b4202d490304fc40f406
Content-Type: text/plain; charset=UTF-8

yes, but this will not enforce security, because anybody could pass any
username without to authenticate first.

this would be an acceptable way if it is possible to write some validation
function which will compare the parameter with ctxUser.name before running
the view query.
is it possible to write such validation function ?


2014-06-20 11:04 GMT+02:00 Gowtham Tamizharasan <
gowtham.tamizharasan@inmobi.com>:

> Hi Martin,
>
> You could query a view function based on "key". so you can query like
> _view/myaccount?key="<user
> name>"
>
> In your View emit key as the user name.
>
>
>
> On Fri, Jun 20, 2014 at 12:02 PM, Martin Minka <martin.minka@gmail.com>
> wrote:
>
> > I am using CouchDB v1.4.0.
> >
> > Is followin doable in CouchDB ?
> > Client application will access CouchDB directly, client will authenticate
> > against CouchDB and request data from _view/myaccount, the data should be
> > filtered for userCtx.name.
> >
> > If user name has to be parameter for _view/myaccount is it possible to
> > validate it against userCtx.name ?
> >
> > Or do I have to use some other server level software to proxy requests
> > against CouchDB ?
> >
> > Thank you,
> > Martin
> >
>
> --
> _____________________________________________________________
> The information contained in this communication is intended solely for the
> use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally privileged
> information. If you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in reliance
> on the contents of this information is strictly prohibited and may be
> unlawful. If you have received this communication in error, please notify
> us immediately by responding to this email and then delete it from your
> system. The firm is neither liable for the proper and complete transmission
> of the information contained in this communication nor for any delay in its
> receipt.
>

--089e0160b4202d490304fc40f406--