On Aug 6, 2010, at 4:25 AM, Benoit Chesneau wrote: > Hi all; > > I've written this patch sometimes ago that add path authentification > to _rewrite handler : > > > http://github.com/benoitc/couchdb/commit/9c15cf8ed710db3805bd1a7d792ba53457cb9c48 > > > So if you have a rule : > > { > "from": "/somepath", > "to": "/path", > "roles": ["_admin", "somerole"] > } > > It will test user roles against this patch and allow the use to see the > result only if he's authorized. It handle only roles for now, but adding > usernames could be easy too. > > Do you think It worth to make it upstream ? (ie commit it in trunk) >
I'm wary about it this, as we don't support reader access control within a database. This is possible currently by checking for roles within the _show and _list functions. Making this easier is probably a bad idea, as then people will be much more likely to use it without understanding the implications. (Eg: you think your site is secure when just removing a host header is all it takes to replicate the entire database). Chris > Let me know. > > - benoƮt
