Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 83240 invoked from network); 3 Nov 2009 14:45:13 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 3 Nov 2009 14:45:13 -0000 Received: (qmail 60370 invoked by uid 500); 3 Nov 2009 14:45:12 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 60324 invoked by uid 500); 3 Nov 2009 14:45:11 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 60314 invoked by uid 99); 3 Nov 2009 14:45:11 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Nov 2009 14:45:11 +0000 X-ASF-Spam-Status: No, hits=-2.1 required=5.0 tests=AWL,BAYES_00,FS_REPLICA X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of adam.kocoloski@gmail.com designates 209.85.221.181 as permitted sender) Received: from [209.85.221.181] (HELO mail-qy0-f181.google.com) (209.85.221.181) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Nov 2009 14:45:09 +0000 Received: by qyk11 with SMTP id 11so2915238qyk.13 for ; Tue, 03 Nov 2009 06:44:48 -0800 (PST) Received: by 10.224.57.72 with SMTP id b8mr33160qah.222.1257259488423; Tue, 03 Nov 2009 06:44:48 -0800 (PST) Received: from ?10.0.1.9? (c-71-232-49-44.hsd1.ma.comcast.net [71.232.49.44]) by mx.google.com with ESMTPS id 23sm89408qyk.3.2009.11.03.06.44.45 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 03 Nov 2009 06:44:46 -0800 (PST) Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes Mime-Version: 1.0 (Apple Message framework v1076) Subject: Re: all_or_nothing=true and replication From: Adam Kocoloski In-Reply-To: <20091103094308.GC9729@uk.tiscali.com> Date: Tue, 3 Nov 2009 09:44:44 -0500 Content-Transfer-Encoding: 7bit Message-Id: References: <01DCAC9E-0125-46EA-876E-12B685C40DFC@apache.org> <20091103094308.GC9729@uk.tiscali.com> To: user@couchdb.apache.org X-Mailer: Apple Mail (2.1076) On Nov 3, 2009, at 4:43 AM, Brian Candler wrote: > On Sun, Nov 01, 2009 at 05:36:18PM -0500, Damien Katz wrote: >> Yes, you can make a situation where somehow a user has legal >> updates to >> certain conflicts, but not others, on a particular node A. On some >> other >> node B, somehow the security was different and he was allowed to >> update >> all the docs. Then an attempt to merge all the conflicts into the >> document the user didn't really have edit access too will not be >> replicated from node B to node A. >> >> It's a contrived situation, but possible with misconfigured or >> updated >> security settings that haven't propagated. > > This is definitely something that I need to add to the > Replication_and_conflicts page. > > When you talk about security mechanisms, I know of > "validate_doc_update", > but are there other things which can affect whether a document is > replicated > or not? (e.g. I've heard talk of a filtered _changes feed, I don't > know if > that's implemented yet). I'd like to make sure I cover all bases. Filtered _changes feeds have been implemented, although Benoit noted a problem with the continuous version. The replicator doesn't yet know how to consume them, but it will soon. > On a related point: is it possible to configure a database to stop > people > *pulling* certain documents? For example, if I want to allow people > to read > and replicate user documents but not _design documents? Not at the moment. We've had some proposals for document-granularity ACLs. The sticking point often ends up being the view indexing -- e.g. what privileges does it have, and how do we keep it from exposing data that would otherwise be restricted from a user? Best, Adam