From: cdr53x
Date: Fri, 05 Nov 2010 14:27:39 +0100
To: user@couchdb.apache.org
Subject: Document security, restricting document viewers
Message-ID: <4CD4064B.5020903@free.fr>

Hello,

I'd like to know what is your advice on implementing a security system that would provide two simple roles for CouchDB documents:

- document writer
- document reader

The idea is of course to limit the access of a given doc and allow it only to certain users.

I know that the 'writer' role can be implemented using validation hooks, as explained in the docs; however, there is not a clue on what could/should be done in order to protect the documents from being viewed.

Is there anything existing that could be used and that I missed in the docs? If not, is there any advice on implementing such a feature?

Of course, the idea is to be able to address large databases (~1.2M docs), with large views, so there is no way a client side (or server side) application could cross-check the rights of each element returned by a view.

If anyone has any suggestion on this, I'd really appreciate it.

Regards,
cdrx
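
For reference, the "writer" half of the question as a CouchDB `validate_doc_update` function. This is an added example, not part of the original message or of the CouchDB docs; the per-document `writers` field and the `decide` helper are assumptions made for illustration. A validation function runs on writes only, so it does nothing for the "reader" role asked about above.

```javascript
// validate_doc_update as it would be stored in a design document.
// Assumption: every document carries a `writers` array of user names.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  // Server admins bypass the per-document check.
  if (userCtx.roles.indexOf('_admin') !== -1) return;

  if (!userCtx.name) {
    throw({ unauthorized: 'Log in before writing documents.' });
  }

  // A deletion arrives as a stub without the ACL field; it is judged
  // on the stored document only.
  if (!newDoc._deleted &&
      (!Array.isArray(newDoc.writers) || newDoc.writers.length === 0)) {
    throw({ forbidden: 'Document must list at least one writer.' });
  }

  // On update, authorize against the stored ACL (oldDoc), never the
  // submitted one, so a user cannot add themselves in the same write.
  var acl = oldDoc ? oldDoc.writers : newDoc.writers;
  if (!Array.isArray(acl) || acl.indexOf(userCtx.name) === -1) {
    throw({ forbidden: userCtx.name + ' is not a writer of this document.' });
  }
}

// Hypothetical helper for trying the function outside CouchDB:
// returns 'ok', 'forbidden' or 'unauthorized'.
function decide(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return 'ok';
  } catch (e) {
    return e.forbidden ? 'forbidden' : 'unauthorized';
  }
}

// Constructed sample: bob tries to add himself to alice's document.
var stored = { _id: 'doc1', writers: ['alice'] };
var attempt = { _id: 'doc1', writers: ['alice', 'bob'] };
console.log(decide(attempt, stored, { name: 'bob', roles: [] }));
```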