If a user can access a document via Futon, he can access it via the CouchDB API if he knows what he's doing. The data is exposed one way or the other if you store it in documents that users can access. There is no key-level protection on a document that I am aware of. Correct me if I'm wrong, someone.

On Sun, Jan 3, 2010 at 2:07 PM, Sam Bisbee <[email protected]> wrote:

> On Sun, Jan 03, 2010 at 11:40:32AM -0800, Chris Anderson wrote:
> > I'd avoid thinking that hiding Futon provides security. Ideally users
> > would be able to get into the data via Futon if they choose. If you
> > structure your validation functions properly, this should be
> > completely secure (more secure than an http-proxy based authorization
> > model).
>
> This strikes me as an odd and interesting proposition (read: the good
> kind).
>
> I can think of plenty of cases where I don't want users to see all the data
> that I have related to them: ex., hashed/crypted passwords, analytics,
> various types of scores/weights, my profit margin on their purchases, etc.
> Allowing users to inspect documents about themselves through Futon would
> allow them to see all those goodies.
>
> Also, I have always been of the mind that even if something doesn't
> inherently cause a security flaw, that you shouldn't give it to your users
> if you don't need to (users are too good at breaking things in ways that
> you don't expect, especially the malicious ones).
>
> Not that I'm not a fan of open APIs (actually, I'm a huge fan), but even
> those enforce validation/rules.
>
> Or were you discussing a specific use case?
>
> Cheers,
>
> --
> Sam Bisbee
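
Added example, not part of the thread: a sketch of the kind of validation function mentioned in the quoted message, written in the form CouchDB expects for a design document's `validate_doc_update` field. The `owner` and `score` fields, the sample users and the `tryWrite` helper are assumptions made for illustration.

```javascript
// Body of a design document's validate_doc_update function (CouchDB stores it
// as a string). Field names "owner" and "score" are assumptions.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  if (!userCtx.name) {
    throw { unauthorized: 'log in before writing' };
  }
  if (userCtx.roles.indexOf('_admin') !== -1) {
    return; // server admins may write anything
  }
  // On update the stored owner decides; on create the writer must name itself.
  var owner = oldDoc ? oldDoc.owner : newDoc.owner;
  if (owner !== userCtx.name) {
    throw { forbidden: 'only the owner may write this document' };
  }
  if (newDoc._deleted) {
    return; // deletion stubs carry no other fields
  }
  if (newDoc.owner !== owner) {
    throw { forbidden: 'owner cannot be reassigned' };
  }
  // "score" is server-managed: the owner may neither set nor change it.
  var oldScore = oldDoc ? oldDoc.score : undefined;
  if (newDoc.score !== oldScore) {
    throw { forbidden: 'score is server-managed' };
  }
}

// Local stand-in for CouchDB calling the function on a write request.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx);
    return 'accepted';
  } catch (e) {
    if (e.forbidden) return 'forbidden';
    if (e.unauthorized) return 'unauthorized';
    throw e;
  }
}

// Constructed sample data.
var alice = { name: 'alice', roles: [] };
var mallory = { name: 'mallory', roles: [] };
var stored = { _id: 'profile:alice', owner: 'alice', email: 'a@example.org', score: 7 };

console.log(tryWrite(Object.assign({}, stored, { email: 'b@example.org' }), stored, alice));
console.log(tryWrite(Object.assign({}, stored, { email: 'b@example.org' }), stored, mallory));
console.log(tryWrite(Object.assign({}, stored, { score: 99 }), stored, alice));
```

A validation function runs only on writes, so it does nothing about the read exposure discussed in the reply: a user who can fetch this document still sees `score`.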
