On Fri, Aug 26, 2011 at 10:17 PM, Filipe David Manana <[email protected]> wrote: > On Fri, Aug 26, 2011 at 8:01 PM, Jason Smith <[email protected]> wrote: >> 1. Does this require updating the replicator to update _local docs correctly? > > Yes > >> 2. Only admins can change _security. But anybody with read access can >> change _local/*. Does couch special-case _local/security? > > My preference: > > _security would become a regular document (just a special id, which > starts with underscore). We can still cache the latest revision in the > db header, db updater state, whatever. > > This _security document (or perhaps any other starting with underscore > in the future), would only be replicable if the replication is > triggered by some special user with some special role (_admin, > _server_admin, whatever). > > Does it sound simple and satisfies people's needs? >
No. Abso-fucking-lutely note. Imagine you have a phone with a CouchDB. And your friend says, "Just replicate this photo album." But he's inserted a _security doc that gives him permission to touch your private data. If someone said the obvious answer is "have a validate_doc_update function," I would obviously slap that person. Never in no way ever should it be remotely possible to unknowingly change authorization settings because your db accidentally slurped up a _security doc. >> >> -- >> Iris Couch >> > > > > -- > Filipe David Manana, > [email protected], [email protected] > > "Reasonable men adapt themselves to the world. > Unreasonable men adapt the world to themselves. > That's why all progress depends on unreasonable men." >
