Hi there, I'm just starting off with couch db.
There is something I'm wondering about: how should I implement the authorization to access a document?

From an outsider's view, one would use HTTP's authorization method when using any PUT/GET/POST/DELETE requests. But (if I understand it correctly) this mechanism is just available for couch db administrator accounts.

So how should I implement a web application security layer? Is there any panacea? One could add a security field that includes ACL data to each document. Then any update validation, view and list must check this data against a user id and password that must be included in the REST request. Or should you really create one couch db admin account for each user? (I'm referring to a web application end-user here)

Cheers,
Manuel
