On Feb 10, 2014, at 5:17 PM, Alan McKean <[email protected]<mailto:[email protected]>> wrote:
I am also HIPAA-compliant so it 'requires' a separation of the db server from the public so I can't expose CouchDB to the public. I'm no expert on HIPAA, but we've had other developers here working on compliant apps, and none of them have brought this up as an issue. To me it seems to make no effective difference in security/privacy whether the app connects directly to CouchDB or gets the data through some intermediate server. (As a reducto ad absurdum, could you put an HTTP proxy in between and call that a "separation" of the db server?) One could argue that CouchDB implements both a database and an app server, with the database layer kept protected by the access controls in the app server layer. I have a route in my Node.js server that gives me the changes from the private CouchDB server . I track the 'lastSequenceNumber' in my app and request changes since that on launch. So I get the CouchDB data from the Node.js server and want to put it into CBL. So I have to preserve the _id and _rev properties of each document so that I can update them back on the server. In effect you're re-implementing the replicator. That's not a task I would wish on anyone; it's not hard to get it mostly working, but there is a long tail of issues that have kept me tweaking it intermittently for two years. :-p The CBL replicator uses an internal API that allows it to take already-existing revisions (with _rev already assigned) and insert them into the database. That API isn't exposed publicly and I'd be hesitant to offer any support for it. It requires you do some extra work like obtaining the revision history of the document and downloading all necessary attachments. --Jens -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/B3EF2DA8-E1A0-4167-996A-C8810C3BCF90%40couchbase.com. For more options, visit https://groups.google.com/groups/opt_out.
