Hi,

We are investigating the viability of replication with Android and iOS Couchbase when there is read access control per document on the server side.

Right now we have implemented an Android application that replicates a server CouchDB database to the mobile and it works pretty well. Problem is that now we want to add read access control on the server side, but we don't know what is the best alternative to still be able to replicate on the mobile devices.

Here is what we found so far on this subject: http://wiki.apache.org/couchdb/PerDocumentAuthorization. Also http://stackoverflow.com/questions/4730621/couchdb-prevent-unauthorized-reads.

The 2 solutions we are investigating so far are:
1) adding a tier above CouchDB on the server side that is some kind of JSON firewall, to filter out JSON documents that the user cannot read.
2) create one database per user on the server side, as CouchDB read access control is per database.

In both cases we would add some ACL on each document to know which user/group can read it.

Problem with 1) is it is quite difficult to correctly filter all the requests that the mobile replicator will send to the server.

With 2) we have some public documents that all users can read, plus some documents owned by each user. So we will have to put filtered replication between all the user databases in addition to the replication to the usual site to site replication. So we wonder how this scales.

Any advice on which solution to go for? Did anyone successfully put in place mobile replication with document read access control on the server side?

Thanks,
Claire
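Option 2 sketched as an added example (not part of the original message and not CouchDB project code): a filter function in the (doc, req) form CouchDB uses for filtered replication, the per-user _replicator document that feeds it, and a check for copies left behind when an ACL edit removes a reader. The acl field layout, the design document name "acl", and the database names "shared" and "user_<name>" are assumptions.

```javascript
// Replication filter; in CouchDB it would be stored in a design document
// (assumed here: _design/acl, filter name "readable").
// CouchDB calls a filter as (doc, req); req.query carries query_params.
// The doc.acl layout {public, users, groups} is an assumption of this example.
function readable(doc, req) {
  if (doc._id.indexOf('_design/') === 0) return false; // keep design docs off devices
  var acl = doc.acl;
  if (!acl) return false; // fail closed; also drops tombstones that lost their acl
  if (acl.public === true) return true;
  var user = req.query.user;
  if (user && (acl.users || []).indexOf(user) !== -1) return true;
  var groups = (req.query.groups || '').split(',');
  return (acl.groups || []).some(function (g) {
    return g !== '' && groups.indexOf(g) !== -1;
  });
}

// _replicator document for one user. It has to be created by the server:
// whoever sets query_params chooses the identity the filter checks.
// Database names "shared" and "user_<name>" are hypothetical.
function replicationDoc(user, groups) {
  return {
    _id: 'shared_to_' + user,
    source: 'shared',
    target: 'user_' + user,
    filter: 'acl/readable',
    query_params: { user: user, groups: groups.join(',') },
    continuous: true
  };
}

// A filter only stops future revisions. When an ACL edit removes a reader,
// the copy already in that user's database stays until it is deleted there.
function staleCopies(oldDoc, newDoc, directory) {
  return Object.keys(directory).filter(function (user) {
    var req = { query: { user: user, groups: directory[user].join(',') } };
    return readable(oldDoc, req) && !readable(newDoc, req);
  });
}

// Constructed sample data.
var directory = { alice: ['sales'], bob: ['support'] };
var before = { _id: 'quote-17', acl: { users: ['alice'], groups: ['support'] } };
var after = { _id: 'quote-17', acl: { users: ['alice'] } };
var notice = { _id: 'notice-1', acl: { public: true } };
var tombstone = { _id: 'quote-9', _deleted: true };
```

Here staleCopies(before, after, directory) returns bob, whose database still holds quote-17 after the group was removed from its ACL. A plain DELETE leaves a tombstone without the acl field, so the filter drops it; deletions only reach the per-user databases if they are written as updates that set _deleted and keep acl.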
