2008/4/15, blattgold.cb <[EMAIL PROTECTED]>:
>
> Great stuff! I wonder, though, how to get around the problem that the
> password to access the database is in the javascript source?
I guess you
> need to send the user-supplied authorization data with each request and
> let the couch server handle authorization issues - I saw that you can do
> this through server-side javascript logic...
Exactly.
This simplification should also be safer. It is easier to make sure just the
database gets the security right, rather than making sure every app that
ever uses the database gets the security right.
Off course, there are generic web-serving aspects to security that CouchDB
needs to get right. Like being able to deal with dictionary attacks and DOS
attacks. Worst case scenario's, you can always just proxy everything and set
some security up this way.
What would get things really interesting is when we see qooxdoo applications
storing their source-code and images in couchdb. It would in theory be
possible to make couchdb the only running server. But don't hold your breath
;-)
Greetings,
Ralf
Ralf Nieuwenhuijsen schrieb:
>
> > Well, the code is going great.
> >
> > I'm designing the api to allow different levels of easy and flexibility:
> >
> > - very manual: creating a server and a request object
> >
> > var myServer = new couch.Server('localhost', 1234, 'user',
> 'password');
> > myServer.setTimeout(1000);
> >
> > var req = new couch.request.CreateDatabase(myServer, "mydatabase");
> > req.addEventListener("database-created", function (e) { ... }):
> > req.addEventListener("database-exists", function (e) { .. });
> >
> > - less manual: automatic server parsing
> >
> > var req = new
> > couch.request.CreateDatabase("user:[EMAIL PROTECTED]:1234",
> > "mydatabase");
> > req.addEventListener("database-created", function (e) { ... }):
> > req.addEventListener("database-exists", function (e) { .. });
> >
> > - easier: not messing with request-objects yourself
> >
> > var myServer = new couch.Server ('localhost', 1234,
> 'user','password');
> > var myDb = myServer.database('mydatabase');
> > myDb.addEventListener("created", function (e) { .... });
> > myDb.addEventListener("exists", function (e) { .... });;
> > myDb.create();
> >
> > - easier: automatic server parsing
> >
> > var myDb = new couch.Database('mydatabase',
> > 'user:[EMAIL PROTECTED]:1234');
> > myDb.addEventListener("created", function (e) { .... });
> > myDb.addEventListener("exists", function (e) { .... });;
> > myDb.create();
> >
> > - a little persistance: create an object based on the value of the
> > 'type', setting the public properties
> >
> > var myDb = new couch.Database('mydatabase',
> > 'user:[EMAIL PROTECTED]:1234');
> > var myDoc = myDb.document('some-doc-id');
> > mydoc.addEventListener ('instantiated', function (e) { ... });
> > mydoc.addEventListener ('invalid', function (e) { ... });
> > mydoc.requestInstance();
> >
> > - easy persistance: use a mixin to give any object toCouch() and
> > fromCouch()
> >
> > qx.Class.define("custom.Person",{
> > extend: qx.core.Target,
> > uses: couch.MPersistance,
> >
> > properties:
> > {
> > name: { type: "string"; nullable: true },
> > email: {type: "string", nullable: true }
> > }
> > });
> >
> >
> couch.Persistance.getInstance().setDatabase('people','localhost:1234');
> > var P = new custom.Person();
> > P.set({name: 'John Doe', email: '[EMAIL PROTECTED]'});
> > P.toCouch();
> >
> > Most code, except the persistance part, is done now, but i need to do
> > a lot of testing to make sure everything works as it is supposed to.
> >
> > Any thoughts?
> >
> > Greetings,
> > Ralf
> >
> >
> >
>
> > 2008/4/14, cboulanger <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]
> >>:
>
> >
> > CouchDB looks quite interesting. I hate Schemas that have to be
> > upgraded
> > and synchronized in different databse instances. It would be great
> to
> > have a qooxdoo API to access this kind of database. JSON as a native
> > database format would fit perfectly to a qooxdoo client...
> >
> > Ralf Nieuwenhuijsen schrieb:
> >
> > > According to the outdated documentation:
> > > "Data to send with the request. Only used for POST requests. This
> is
> > > the real post data. Generally this is a string of url-encoded
> > > key-value pairs."
> > >
> > > Why not for PUT requests as well?
> > > Also, the documention mentions several times that only GET and
> POST
> > > are supported.
> > > Eventhough PUT and DELETE do 'just work'
> > >
> > > I'm creating a nice CouchDB abstraction layer and haven't tested
> the
> > > above behavior completely.
> > > I'm also aware not all transport systems support REST. Can someone
> > > specify on which browsers and versions it will fall back to
> > > IframeTransport?
> > >
> > > When i'm done with library i will mail the code here and assign
> > > copyright to one of the official qooxdoo developers, if they want
> > > that. That should make future liscence choices the easiest. I
> really
> > > believe CouchDB is a nice fit for Qooxdoo.
> > >
> > > Write your app in javascript. Write your views in javascript.
> Store
> > > your data as json-documents.
> > >
> > > Who needs middleware anyway?
> > >
> > > Greetings,
> > > Ralf
> > >
> > >
> >
> > >
> >
> ------------------------------------------------------------------------
> > >
> > >
> >
> -------------------------------------------------------------------------
> > > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> > > Don't miss this year's exciting event. There's still time to
> > save $100.
> > > Use priority code J8TL2D2.
> > >
> >
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > qooxdoo-devel mailing list
> > > [email protected]
>
> > <mailto:[email protected]>
>
> > > https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
> > >
> >
> >
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> > Don't miss this year's exciting event. There's still time to save
> > $100.
> > Use priority code J8TL2D2.
> >
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > _______________________________________________
> > qooxdoo-devel mailing list
> > [email protected]
>
> > <mailto:[email protected]>
>
> > https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> > Don't miss this year's exciting event. There's still time to save $100.
> > Use priority code J8TL2D2.
> >
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > qooxdoo-devel mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
> >
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> qooxdoo-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
>
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
qooxdoo-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
