couchdb-user mailing list archives

From "Dean Landolt" <>
Subject Re: action servers
Date Tue, 11 Nov 2008 06:01:46 GMT
On Tue, Nov 11, 2008 at 12:22 AM, Chris Anderson <> wrote:

> On Mon, Nov 10, 2008 at 8:16 PM, Dean Landolt <>
> wrote:
> > Are there any other security concerns in that light?
> > I've left my instance wide for a few friends to play with -- perhaps I
> > should have asked this earlier.
> All I can think of is that we're only as safe as the couchjs sandbox.
> Which is probably safe, but you can send arbitrary http requests with
> action servers (and even from views if you are psycho) so there's
> always the danger of abuse from people who can edit design docs.

But if you have access to _utils you have access to design docs -- and
there's no way around that until security lands. Oh well, I've always lived

> > But yeah, if I squash the unobtrusive thing I'll probably only
> > need an action for periodic feed updates
> As long as you don't care about Google or people who haven't updated
> their browser in 3 years, there's no reason to be creating dynamic
> html.

Good point. Sometimes I can't help but get wrapped up in the minutiae of web
development fads. That said, designing for base html has absolutely paid
back in spades when it comes time to change or extend an app -- it's forced
me to be a little less fast and loose with my inline events and a little
cleaner with my semantics.

> > I already tried it -- I couldn't help myself. An hour ago all I got was a
> > black screen -- now I see some action down below (other than the tweet form
> > everything gets cut off on Firefox Ubuntu Hardy).
> Yeah that's a not very fun failure mode. I should at least put up
> "you're not alone" screen for when that happens. I'm still not sure
> the cause of it. The Twitter API is a little flaky, so who knows what
> role it plays here.

To me this seems like another place where an action server may be the best
answer. Why let twitter f* with your ui? Why handle every failure and
idiosyncrasy in the view code? I guess twitter events can't really *poll* --
I don't know how something like comet would work with couch, but I would
imagine it's feasible. I hear nothing but complaints about how broken the
twitter API is -- so I say who needs it. Yeah, you need to reach out and
grab the updates from the API, and yes, updates ought to be event-driven --
but that doesn't mean your ui has to depend on their brokenness.

The *how to fix twitter* conversation is an amusing (and never-ending) meme,
but from what I gather, every suggestion worth its salt has one thing in
common -- federation. Why can't couch get in on the act -- it's a perfect
persistence layer to store a given user's twitters, and with an action
server, respond to requests. Sure, post them to the twitter API, but if
possible, why not give some indication of how to dereference them for
subscribers, especially during an all-too-common outage?

> --
> Chris Anderson
