On Sat, May 30, 2009 at 18:11, Damien Katz <[email protected]> wrote: > > Some random thoughts.
Me too. Maybe there should be validation hooks. For instance, the existing system for update validation might run the first step of a consensus instance between several permanent replicas to decide [_seq, _rev]. Upon gathering <accept> messages the leader could commit locally and reply to the client. At this point the other replicas are waiting for the document information, but know from whom it should come and what sequence and revision number it should be assigned. While secure environments might guarantee no change gets replicated unless it was the consensus winner, insecure environments might have servers which lie and push replication changes unilaterally. A validation hook could check to make sure that the replicated document was proposed by server X at some time with [_seq, _rev]. These validation functions could even live in the replication settings database. -Randall
