On Tue, 4 Aug 2020 at 13:10, Jan Lehnardt <j...@apache.org> wrote:
>
> Ah, there might be a misconception. Per-doc-access databases are not “more secure”
> than regular databases. They are a trade-off between additional access-control for
> additional CPU and disk resources. But it’s not a case of having a regular
> db-as-we-know-and-use-it-today and enabling per-doc-access and now it is more secure,
> it behaves differently and your app needs to account for that.

I didn't mean it would make the product more secure out-of-the-box. I
was just referring to the principle of least privilege ([1]) - as in
people would not be able to create "free for all" databases by
accident (forgetting to supply the enable flag). Please let me know if
I misunderstood the feature somehow.

> I don’t mind adding a global off switch that overrides the on-when-specified case
> to disable all per-doc-access creations.

Awesome, thank you!


Donat

[1] https://en.wikipedia.org/wiki/Principle_of_least_privilege
