On Sun, Jan 03, 2010 at 01:18:26PM -0800, Chris Anderson wrote:
> On Sun, Jan 3, 2010 at 1:10 PM, Nathan Stott <[email protected]> wrote:
> > If a user can access a document via Futon, he can access via the CouchDB API
> > if he knows what he's doing. The data is exposed one way or the other if
> > you store it in documents that users can access. There is no key-level
> > protection on a document that I am aware of. Correct me if I'm wrong,
> > someone.
> >
>
> There is key-level write protection. There is not key-level read
> protection, and there are no plans to add it.
>
> Per document read-control turns out to be extremely non-trivial (think
> about information leakage via reduce, etc) such that Lotus Notes never
> even got it right.

Out of interest, is there some documentation available on the subject (maybe a
CouchDB or Lotus Notes dev's blog post)? Also, I assume that this leakage would
only happen locally and isn't exposed to remote users?

Thanks,

--
Sam Bisbee
