Return-Path: X-Original-To: apmail-couchdb-marketing-archive@minotaur.apache.org Delivered-To: apmail-couchdb-marketing-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7323C173C8 for ; Tue, 13 Jan 2015 04:37:29 +0000 (UTC) Received: (qmail 44765 invoked by uid 500); 13 Jan 2015 04:37:31 -0000 Delivered-To: apmail-couchdb-marketing-archive@couchdb.apache.org Received: (qmail 44739 invoked by uid 500); 13 Jan 2015 04:37:30 -0000 Mailing-List: contact marketing-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: marketing@couchdb.apache.org Delivered-To: mailing list marketing@couchdb.apache.org Received: (qmail 44724 invoked by uid 99); 13 Jan 2015 04:37:29 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jan 2015 04:37:29 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of kxepal@gmail.com designates 74.125.82.174 as permitted sender) Received: from [74.125.82.174] (HELO mail-we0-f174.google.com) (74.125.82.174) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jan 2015 04:37:25 +0000 Received: by mail-we0-f174.google.com with SMTP id k48so677800wev.5 for ; Mon, 12 Jan 2015 20:36:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=WPbMxl6Hrnv37EUReX3TO3vojGWLg5nqyrXYP3ebWbk=; b=t2h1QCQlXfma5B7MIaYye3aPHsSyyXfBmb6iTEti6ftqGdYRtuE2eRzFywXXUBy7NM tjt96ZcqBsno3miBLoVV84lupZVmWhJkFjWZEKiIMLYK1fB/wUrxSmiOsqhdpTxNQOrO oQM7LoL3+acFdahZJ2rVHRN7EAawUB1sq88RP62ZMyreGWDzop38wThJQsyc3+fJALBZ 868jOF4CQGpmwS3VBZtwR33KyeEZ0zLeqWPjCrVPO55DlEszlyRsbGs+DV8Ou1lirazg HTQdXf2N9kW7O1beuLDq7wU10TARAUV1NHVS9SHt9EDJ+0eewnyqPie8T/seFXtT2Xl8 cx5Q== MIME-Version: 1.0 X-Received: by 10.194.84.240 with SMTP id c16mr485639wjz.74.1421123779494; Mon, 12 Jan 2015 20:36:19 -0800 (PST) Received: by 10.180.82.101 with HTTP; Mon, 12 Jan 2015 20:36:19 -0800 (PST) In-Reply-To: References: Date: Tue, 13 Jan 2015 08:36:19 +0400 Message-ID: Subject: Re: [NEWS] Your links for the CouchDB Weekly News From: Alexander Shorin To: "marketing@couchdb.apache.org" Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org On Tue, Jan 13, 2015 at 7:11 AM, Akshat Jiwan Sharma wrote: > http://www.staticshin.com/programming/what-does-_security-secure-in-couchdb/ > Every _security document consists of two mandatory fields called admins and members. They aren't mandatory at all, just the ones which CouchDB handles in special way and requires them to have special structure. > The name in an admin or a member property must be the name of the user stored in _users database. The "must" is too strong requirement. The name must be string, but it should point on some user name, which even may not be existed at all. However, this is a security leak in this case. > When couchdb authenticates a user from the _users database it can run checks against the _security document of each database to determine whether the authenticated user is an admin or a member. When user requests database or any it subresource, CouchDB check his context (userCtx - a user name and list of their roles) against database _security. > The roles property on the other hand is free form--- meaning you can supply any value in the roles array. Any string value. In 1.3.0 we'd dropped support of non-string roles. That was bad hack. > An admin is authorized to perform CRUD on _design and _security documents. And run any IO-related tasks on database they admins, like compaction, running temporary views and views indexes cleanup. > A member can only read or write normal documents--- all documents except _design and the _security documents. Members can read design documents, but no modify the. Same about _security one. > Once you add a _security to the database then the database can only be accessed by the person who is a part of the _security document. Any unauthorized person would be forbidden from accessing the database. Once you specify database members it becomes only accessible to those users or users with specified roles in additional to admin. Those who specified in admins grants a power to run IO operations upon database, manage _security and design documents. > The conclusion is pretty easy to draw. couchdb offers minimal read level security on the normal documents (that is all documents except the special _design and _security documents). Same is above. _security members controls global database read bit; _security admins controls exec bit for service operations and write bit for design docs and security. > You can add conditional checks on who creates, updates or deletes a document using document update functions. Correction: using validate document update functions. The update functions is a little bit different thing: http://docs.couchdb.org/en/latest/couchapp/ddocs.html#update-functions -- ,,,^..^,,,