On Friday, October 16, 2015 at 11:25:19 AM UTC-7, Jens Alfke wrote:
>
> On Oct 16, 2015, at 7:14 AM, Seung Chan Lim <[email protected]> wrote:
>
> > 1. have users create documents
> > 2. only allow the user that created the document to edit the document (i.e. in the sync function check the "owner" attribute to be the same as the authenticated user)
> > 3. allow everyone to see the document (i.e. put it in a "public" channel)
> > 4. hide who created the document from people other than the creator
>
> This is tricky. By design, there isn't any hidden information in documents. That's because we support multi-master replication where docs might pass through multiple servers/peers, so there isn't just one source of 'truth'. I think the best you can do is to *obscure* the creator, so that it's possible to tell that two revisions were written by the same creator without revealing who that creator is.
>
> I came up with a clever solution that relies on encrypting the username. Unfortunately it would require the sync function to decrypt it, but it isn't practical to do that because there are no encryption APIs available, and implementing them in JS in the sync fn would be too slow. :(
>
> Then JChris came up with an even more clever solution, and I simplified it a little bit:
>
> - For every user, pick a secret string as their 'codename'. It needs to be unique, and it needs to be impossible to derive the username from the codename.
> - Create a role named "codename-"+codename, and grant only that user that role.
> - The client needs to know the user's codename somehow.
> - When a client creates a new document, it adds a property "codename" whose value is the user's codename.
> - The sync function then calls requireRole("codename-"+doc.codename)
>
> You can also give the user multiple codenames.

I'm not exactly sure how many it would take before it's too many.
Probably thousands of roles per user would be ok but it'd be worth testing if you think you will have a ton of "codenames" per user.
The hard limit is a few MB of role names but going there could slow down other document operations for that user, as the list of roles will be loaded and parsed as part of their database interactions.

Chris
