Hello all,
Paul Davis wrote:
[snip]
> As we were mulling over the security considerations of allowing users
> to run arbitrary code on a CouchDB node, I had the idea to allow the
> node's admin to store a set of predefined methods that could be used
> as replication endpoints. As in, instead of posting a JS function, we
> post a {"filter": "foo/name"} member and it pulls the replication
> filter code from {"replication_filters": {"name": "function...."}}
> defined in "_design/foo". This way we have the full benefit of using
> JS to do our filtering while preventing arbitrary code execution.
That's b) then, at least what I had in mind when writing the initial email?!
Martin
