On Oct 16, 2015, at 8:10 PM, Seung Chan Lim <[email protected]<mailto:[email protected]>> wrote:
So the only reason you have the prefix is because you have a list of roles to manage for your app, and you want to visibly discern which of them belong to this "feature" and which don't? It helps ensure uniqueness too, so that this feature only gets used with roles that were created as codenames. For example, if you have an unrelated role “novice” that lots of people belong to, then all of them could post docs under the codename “novice”. Probably not a security hole, but not what you intended either; and in stuff related to security you don’t want to allow that kind of wiggle room or it’s likely that someday somebody will figure out a way to use it in a way that breaks security. —Jens -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/DCE00256-D8D9-44F8-940F-3582A272B8A0%40couchbase.com. For more options, visit https://groups.google.com/d/optout.
