> On 4. Aug 2020, at 13:01, Bessenyei Balázs Donát <bes...@apache.org> wrote:
>
> On Tue, 4 Aug 2020 at 12:34, Jan Lehnardt <j...@apache.org> wrote:
>>
>> The Erlang tests are already exclusively using the HTTP API. I don’t plan
>> to rewrite those to Elixir, but documentation on how to use this will be
>> written before this is merged.
>
> The documentation before merge sounds like a good idea, thank you for that!
>
>>
>>> - what do you think about making this feature toggleable via an ini option?
>>
>> I could be persuaded to provide a default toggle like we have for `q` as an
>> ini option, but I want to make sure people know this is opt-in behaviour, so
>> I’m on the fence on allowing this to be the default on database creation.
>
> Are you suggesting a three-state flag, such as "always-on" (for the
> security-conscious people and environments),
> "per-db-user-defined-on-create-but-off-when-unspecified" (opt-in, most
> flexible), "always-off" ("compatibility mode")?
> That would be neat.
Ah, there might be a misconception. Per-doc-access databases are not “more
secure”
than regular databases. They are a trade-off between additional access-control
for
additional CPU and disk resources. But it’s not a case of having a regular
db-as-
we-know-and-use-it-today and enabling per-doc-access and now it is more secure,
it behaves differently and your app needs to account for that.
For that reason, I’ve chosen your middle option: off-when-unspecified, on-when-
specified.
I don’t mind adding a global off switch that overrides the on-when-specified
case
to disable all per-doc-access creations.
Best
Jan
—
>
>
> Thank you,
>
> Donat
