On Nov 6, 2015, at 1:29 PM, Brendan Duddridge <[email protected]<mailto:[email protected]>> wrote:
Sorry, there's a lot to get your head around with Couchbase and Sync Gateway and channels and authorization, etc. I didn't see this particular question addressed in the online manual so I asked it here. I was just trying to find out what would happen if a user tried to do this sort of thing. http://developer.couchbase.com/documentation/mobile/1.1.0/develop/guides/sync-gateway/sync-function-api-guide/validation/index.html It’s critical that the sync function treat all incoming documents as untrusted, and validate the sh*t out of them. Even if you’re sure your app would never create invalid documents, that doesn’t stop an attacker from sending bogus docs directly to the SG REST API. —Jens -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/A6FFD9D4-6B95-4CC2-A825-189F8F8B57B3%40couchbase.com. For more options, visit https://groups.google.com/d/optout.
