On Sun, Jan 3, 2010 at 1:10 PM, Nathan Stott <[email protected]> wrote:
> If a user can access a document via Futon, he can access via the CouchDB API
> if he knows what he's doing. The data is exposed one way or the other if
> you store it in documents that users can access. There is no key-level
> protection on a document that I am aware of. Correct me if I'm wrong,
> someone.
>

There is key-level write protection. There is not key-level read
protection, and there are no plans to add it. Per document
read-control turns out to be extremely non-trivial (think about
information leakage via reduce, etc) such that Lotus Notes never even
got it right.

Chris

> On Sun, Jan 3, 2010 at 2:07 PM, Sam Bisbee <[email protected]> wrote:
>
>> On Sun, Jan 03, 2010 at 11:40:32AM -0800, Chris Anderson wrote:
>> > I'd avoid thinking that hiding Futon provides security. Ideally users
>> > would be able to get into the data via Futon if they choose. If you
>> > structure your validation functions properly, this should be
>> > completely secure (more secure than an http-proxy based authorization
>> > model).
>>
>> This strikes me as an odd and interesting proposition (read: the good
>> kind).
>>
>> I can think of plenty of cases where I don't want users to see all the
>> data that I have related to them: ex., hashed/crypted passwords,
>> analytics, various types of scores/weights, my profit margin on their
>> purchases, etc. Allowing users to inspect documents about themselves
>> through Futon would allow them to see all those goodies.
>>
>> Also, I have always been of the mind that even if something doesn't
>> inherently cause a security flaw, that you shouldn't give it to your
>> users if you don't need to (users are too good at breaking things in
>> ways that you don't expect, especially the malicious ones).
>>
>> Not that I'm not a fan of open APIs (actually, I'm a huge fan), but even
>> those enforce validation/rules.
>>
>> Or were you discussing a specific use case?
>>
>> Cheers,
>>
>> --
>> Sam Bisbee
>>
>

--
Chris Anderson
http://jchrisa.net
http://couch.io
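
An added example (not code from this thread or from the CouchDB project) of the key-level write protection mentioned above, written as a validate_doc_update function with a small local harness. The `owner` field, the `PROTECTED_KEYS` list and the `tryWrite` helper are hypothetical names chosen for the illustration; the function restricts writes only, so anyone who can read the document still sees every key.

```javascript
// Hypothetical key names; pick the fields only admins may set.
var PROTECTED_KEYS = ["score", "margin"];

// CouchDB runs a design document's validate_doc_update on every write.
// Throwing {forbidden: ...} or {unauthorized: ...} rejects the update.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  if (userCtx.roles.indexOf("_admin") !== -1) return; // admins: no limits
  if (!userCtx.name) throw { unauthorized: "log in before writing" };

  // Document-level rule: only the owner (hypothetical `owner` field)
  // may create, change or delete the document.
  var owner = oldDoc ? oldDoc.owner : newDoc.owner;
  if (owner !== userCtx.name) throw { forbidden: "not your document" };
  if (newDoc._deleted) return;
  if (newDoc.owner !== owner) throw { forbidden: "owner cannot change" };

  // Key-level rule: a protected key must equal the stored value, which
  // also blocks adding it on create and dropping it on update.
  var before = oldDoc || {};
  for (var i = 0; i < PROTECTED_KEYS.length; i++) {
    var key = PROTECTED_KEYS[i];
    if (JSON.stringify(newDoc[key]) !== JSON.stringify(before[key])) {
      throw { forbidden: "key '" + key + "' is admin-only" };
    }
  }
}

// Local stand-in for the server: maps the thrown object to an HTTP status.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx);
    return "201 ok";
  } catch (e) {
    if (e.unauthorized) return "401 " + e.unauthorized;
    if (e.forbidden) return "403 " + e.forbidden;
    throw e;
  }
}

// Constructed sample data, not taken from the thread.
var stored = { _id: "order-1", owner: "alice", note: "gift", margin: 0.4 };
var alice = { name: "alice", roles: [] };
var edited = { _id: "order-1", owner: "alice", note: "urgent", margin: 0.4 };
var tampered = { _id: "order-1", owner: "alice", note: "gift", margin: 0.9 };
console.log(tryWrite(edited, stored, alice));
console.log(tryWrite(tampered, stored, alice));
```

In a real database the function body is stored as a string under the `validate_doc_update` key of a design document, and it applies equally to writes made through Futon and through the HTTP API.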
