On Sun, Jan 3, 2010 at 11:21 AM, Karel Minařík <[email protected]> wrote:
> Hi,
>
>> Everything except the throttling of deletes for a given user should be
>> easy to do natively with CouchDB.
>
> how about anyone accessing other databases, documents? Ie., I want to expose
> one database, containing the app (blog, wiki, etc), but not allow anyone
> browse databases, use Futon, etc. As far as I know the only way how to
> accomplish that would be to put reverse-proxy between the public and couch.

I'd avoid thinking that hiding Futon provides security. Ideally users would be able to get into the data via Futon if they choose. If you structure your validation functions properly, this should be completely secure (more secure than an http-proxy based authorization model).

OTOH, if you want to make some databases private (read-control), CouchDB does not have a provision for that. Using an HTTP proxy layer is great for this usage. And if you do it right, it has the advantage that Futon should work fine for databases the user has permission to read.

We are planning per-database reader ACLs, hopefully in time for 0.11, depending on how complex the patch is.

Chris

>
> Karel
>

--
Chris Anderson
http://jchrisa.net
http://couch.io
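
A sketch of the kind of validation function the reply refers to, added here as an example and not code from the thread or from CouchDB itself. The `author` field, the document shapes and the `check` helper are assumptions made for illustration; the function controls writes only and does nothing for read access, which the reply says needs a proxy.

```javascript
// validate_doc_update as it would sit in a design document. CouchDB calls it
// for every write, whether the request came from the app, Futon or raw HTTP.
// Assumption for this example: each document records its owner in "author".
function validate_doc_update(newDoc, oldDoc, userCtx) {
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1;

  // Anonymous requests have no user name: reject every write.
  if (!userCtx.name) {
    throw { unauthorized: "Log in before writing to this database." };
  }
  if (isAdmin) return;

  // Design documents hold the app and this function: admins only.
  if (newDoc._id.indexOf("_design/") === 0) {
    throw { forbidden: "Only admins may change design documents." };
  }

  // Updates and deletes: only the recorded author may touch the document.
  if (oldDoc && oldDoc.author !== userCtx.name) {
    throw { forbidden: "Only the author may change this document." };
  }

  // A deletion stub carries no other fields to check.
  if (newDoc._deleted) return;

  // New and updated documents must name the writer as author, so a user
  // cannot write on someone else's behalf or hand ownership away.
  if (newDoc.author !== userCtx.name) {
    throw { forbidden: "author must match the logged-in user." };
  }
}

// Hypothetical helper for trying the function outside CouchDB:
// returns "ok" or the key of the rejection object that was thrown.
function check(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    return e.forbidden ? "forbidden" : "unauthorized";
  }
}
```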
