I was speaking to Jan about this in #couchdb-dev. He makes some very important points:
+jan____> thing is, fauxton runs under the security context of the logged in user 11:12 J<+jan____> so each user would need their own fauxton db 11:12 J<+jan____> or we bleed info 11:12 J<+jan____> or it is admin only 11:13 J<+jan____> but then, multiple admin accounts are possible, and they’d share it 11:13 J<+jan____> I wonder if a browser-local PouchDB instance is the better option A PouchDB instance might be better but then a user loses their info when they change browsers. Otherwise Jan mentioned a db-per-user which could also work really well. On Fri, Jul 15, 2016 at 11:03 AM, Garren Smith <[email protected]> wrote: > Markus, good points. I'm definitely +1 for the idea. Like Samuel says, > storing notifications would be excellent. It would definitely allow us to > improve the user experience. > > Cheers > Garren > > On Fri, Jul 15, 2016 at 8:45 AM, Samuel Kidman <[email protected]> > wrote: > >> It would be nice to store notifications in such a database. Admins could >> then see which actions have been undertaken through fauxton and by whom. >> >> On 15 July 2016 at 06:25, Markus Fischböck <[email protected]> >> wrote: >> >> > Hi Garren, >> > >> > I guess that depends on how sensitive the data in there would be. It's >> not >> > planned to store any passwords for remote servers, so the user would >> need >> > to enter those upon each replication. So in the worst case a user would >> > only see bookmarked databases on a remote server but would not be able >> to >> > access them. Given the fact that the same behavior is present on a local >> > machine I would assume this to be OK. >> > From what I can tell with my limited knowledge of the internals it's >> > currently not possible to secure specific documents and would probably >> > cause some interference with replication as well. >> > So my solution would be to simply not store any sensitive there. >> > >> > Regards, >> > Markus >> > >> > >> > >> > On 14.07.2016 12:19, Garren Smith wrote: >> > >> >> Hi Markus, >> >> >> >> I like the idea of a Fauxton system database. I think we could store >> some >> >> useful things in there. But how would we manage security and >> permissions >> >> on >> >> the database? >> >> Would one user be able to see bookmarks for another use when viewing >> that >> >> database? >> >> >> >> Cheers >> >> Garren >> >> >> >> On Tue, Jul 12, 2016 at 9:54 PM, Markus Fischböck < >> [email protected] >> >> > >> >> wrote: >> >> >> >> Hi everyone! >> >>> >> >>> I'm currently working on a new replicator add-on for the Fauxton UI. >> One >> >>> of the features I'd like to implement is a bookmark manager where a >> user >> >>> can create and save bookmarks in order to have them for quick access, >> >>> when selecting hosts/databases during replication. This saves the user >> >>> the hastle to remember the full URL to any source/target database >> he/she >> >>> want's to replicate from. >> >>> >> >>> I had a discussion lately with Robert Kowalski where to store those >> >>> bookmarks and I had a couple of ideas in mind: >> >>> a) Saving the bookmarks on the local storage of the browser => this is >> >>> the least desired option, since the bookmarks would only be available >> on >> >>> the current browser. >> >>> >> >>> b) Saving the bookmarks in the users document in the _user Database => >> >>> Not really nice, since we would pollute the user object with data from >> >>> Fauxton. I guess it's not supposed to work that way. >> >>> >> >>> c) Having a fauxton related system database (e.g. _fauxton) where we >> can >> >>> store UI related data. For now this would be bookmarks, but could come >> >>> in handy for other purposes like UI settings and that a like. >> >>> >> >>> I wanted to ask, if it would be possible (and desireable) to add such >> a >> >>> system database for the Fauxton project. >> >>> >> >>> Kind Regards, >> >>> Markus >> >>> >> >>> >> > >> > >
