On Sun, Jan 3, 2010 at 10:13 AM, Karel Minařík <[email protected]> wrote:
> Hi,
>
>> On Jan 3, 2010, at 6:31 AM, Paweł Stawicki <[email protected]>
>>>
>>> It is inevitable that if DB is accessible in the internet, everyone
>>> can edit/add/delete documents. After all, this is what I want. But I
>>> don't want to allow deletion of whole database. Or access to other
>>> databases on the same CouchDB server.
>
>>> Even if I can prevent deletion of whole database, I can't prevent
>>> deletion of single documents, and malicious user could delete them one
>>> by one.
>
>>> So in a nutshell, I have questions:
>>> 1. Is it possible to prevent deletion of database?
>>> 2. Is it possible to prevent deletion of documents? Or, even better...
>>> 3. ...is it possible to limit number of deleted documents for specific
>>> IP for time unit. E.g. one document deletion per minute?
>
> I am quite green in this area, but I've been thinking a bit about this
> lately and IMHO you can do several things:
>
> First, you can hook up your application with some reverse-proxy, as Sean
> Hess advised. This way you can expose only the URL to one database (and
> possibly to the _design/myapp document, so you get nicer URLs). In Nginx,
> you'd do something like this: http://gist.github.com/268061, it would be
> very similar in Apache. This way, you're not exposing the whole couch, but
> only that specific database, restricting the access.
>
> Then, you can implement basic authentication
> [http://books.couchdb.org/relax/reference/security], which basically will
> disallow anyone to create/delete design docs and other stuff (see the relax
> book for listing.) Anyone unauthorized can still create/update/delete
> "regular" documents, which is what you want.
>
> Then again, you can restrict deleting/updating/etc docs to the user who
> originally created those (which is basically what @jchrisa's sofa does, see
> http://github.com/jchris/sofa/blob/master/validate_doc_update.js#L12-14), or
> disallow deleting docs entirely (again see @jchrisa's toast,
> http://github.com/jchris/toast/blob/master/validate_doc_update.js#L10-14).
> (In a Wiki, it could make sense to disallow deleting docs, unless
> authorized, etc)
>
> I am not sure how to limit number of deletions per IP+time, unless you have
> some authentication info about the user...
>

Everything except the throttling of deletes for a given user should be
easy to do natively with CouchDB. Only admins can create and destroy
DBs, install design docs, etc.

If you want to see a preview of the new login feature, it's available at
http://github.com/jchris/couchdb/tree/account

See the bottom right hand corner of Futon. Comments/patches very welcome!

I plan to merge it to trunk before 0.11 release, so it should be a
viable option for new apps.

Chris

--
Chris Anderson
http://jchrisa.net
http://couch.io
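
The document-level rules discussed in this thread (no deletes for non-admins, updates only by the original author), as an added example that is not part of any message here and is not the sofa or toast code. The `author` field, the `attempt` harness and the sample users are assumptions made for the example. CouchDB passes no client IP to this function, so per-IP throttling cannot be expressed in it.

```javascript
// Added example: a CouchDB validate_doc_update function plus a small local harness.
// CouchDB calls the function with (newDoc, oldDoc, userCtx) on every write to
// the database and rejects the write if the function throws.
function validate(newDoc, oldDoc, userCtx) {
  var isAdmin = userCtx.roles.indexOf('_admin') !== -1;

  // DELETE and PUT with "_deleted": true both arrive here as newDoc._deleted.
  if (newDoc._deleted) {
    if (!isAdmin) throw { forbidden: 'Only admins may delete documents.' };
    return;
  }
  // Blocking deletes alone is not enough: a document can still be emptied by
  // overwriting it, so updates are tied to the original author.
  // "author" is an assumed field name for this example.
  if (!isAdmin) {
    if (!userCtx.name) throw { unauthorized: 'Log in to write documents.' };
    if (newDoc.author !== userCtx.name)
      throw { forbidden: 'author must match the logged-in user.' };
    if (oldDoc && oldDoc.author !== userCtx.name)
      throw { forbidden: 'Only the original author may update this document.' };
  }
}

// Harness (not part of CouchDB): returns "ok" or the kind of rejection.
function attempt(newDoc, oldDoc, userCtx) {
  try {
    validate(newDoc, oldDoc, userCtx);
    return 'ok';
  } catch (e) {
    return e.forbidden ? 'forbidden' : e.unauthorized ? 'unauthorized' : 'error';
  }
}

// Constructed sample users and stored document.
var alice = { name: 'alice', roles: [] };
var bob = { name: 'bob', roles: [] };
var anon = { name: null, roles: [] };
var admin = { name: 'root', roles: ['_admin'] };
var page = { _id: 'home', author: 'alice', body: 'v1' };

console.log('author deletes own doc:', attempt({ _id: 'home', _deleted: true }, page, alice));
console.log('admin deletes doc:     ', attempt({ _id: 'home', _deleted: true }, page, admin));
console.log('bob overwrites doc:    ', attempt({ _id: 'home', author: 'bob', body: '' }, page, bob));
console.log('alice updates own doc: ', attempt({ _id: 'home', author: 'alice', body: 'v2' }, page, alice));
console.log('anonymous creates doc: ', attempt({ _id: 'new', author: 'x' }, null, anon));
```

In a design document the same function is stored as a string under the `validate_doc_update` key, written as an anonymous function.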
