On Jul 22, 2010, at 2:47 PM, Catherine Jones wrote:
> I have a couch database (with an admin and an admin password
> defined) that's sitting behind an nginx proxy. The nginx proxy routes
> traffic between http://127.0.0.1:5984 on my VPS and the public address
> of http://my_domain_name/subdirectory_name. I want anonymous visitors to
> my website to be able to read from the database but not write to it.
>
> While I can include validation functions in my design documents, this
> doesn't, as far as I can tell, prevent an anonymous person from sending
> a request like:
>
> curl -X PUT http://my_domain_name/subdirectory_name/my_database_name/
> "some_new_doc_id" -d @some_json_file
>
> and thus writing a new document to the database. I can use an obscure
> name for the database, of course, but isn't there some better way? Am I
> missing something here? Thanks...
>
You can reject all writes in a validation function, so this is definitely
possible.
What you probably want to do is:

    function(newDoc, oldDoc, userCtx) {
      // Reject every write that does not come from the named user.
      if (userCtx.name != "Catherine") {
        throw({forbidden: "only Catherine can write"});
      }
    }

> Catherine
>
>
>
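
An added example, not part of the original thread: the validation function from the reply, extended to also let server admins write, with a small local harness that shows what an anonymous PUT or DELETE would get back. It assumes admins carry the "_admin" role in userCtx.roles and that anonymous requests have userCtx.name set to null; simulateWrite and the sample contexts are hypothetical test scaffolding, not CouchDB APIs.

```javascript
// In a design document this function is stored as a string under the
// "validate_doc_update" key; CouchDB calls it for every document write.
// Assumption: server admins have "_admin" in userCtx.roles, and an
// anonymous request arrives with userCtx.name === null and no roles.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  var roles = (userCtx && userCtx.roles) || [];
  var isAdmin = roles.indexOf("_admin") !== -1;
  var isOwner = !!userCtx && userCtx.name === "Catherine";
  if (!isAdmin && !isOwner) {
    // Covers creates, updates and deletes: a delete is a write whose
    // newDoc has _deleted set to true, so it passes through here too.
    throw({ forbidden: "only Catherine can write" });
  }
}

// Hypothetical harness: maps the outcome to the status a client would see.
// A thrown {forbidden: ...} is reported as 403, {unauthorized: ...} as 401;
// 201 stands in for a successful write.
function simulateWrite(validate, newDoc, oldDoc, userCtx) {
  try {
    validate(newDoc, oldDoc, userCtx);
    return { status: 201, ok: true };
  } catch (e) {
    if (e && e.forbidden) return { status: 403, reason: e.forbidden };
    if (e && e.unauthorized) return { status: 401, reason: e.unauthorized };
    throw e; // anything else is a bug in the validation function
  }
}

// Constructed sample contexts and document.
var anonymous = { db: "my_database_name", name: null, roles: [] };
var catherine = { db: "my_database_name", name: "Catherine", roles: [] };
var admin = { db: "my_database_name", name: "root", roles: ["_admin"] };
var doc = { _id: "some_new_doc_id", title: "constructed sample" };
var tombstone = { _id: "some_new_doc_id", _deleted: true };

function runDemo() {
  return {
    anonymousCreate: simulateWrite(validateDocUpdate, doc, null, anonymous),
    anonymousDelete: simulateWrite(validateDocUpdate, tombstone, doc, anonymous),
    ownerCreate: simulateWrite(validateDocUpdate, doc, null, catherine),
    adminUpdate: simulateWrite(validateDocUpdate, doc, doc, admin)
  };
}

console.log(runDemo());
```

Validation functions run only on writes, so anonymous reads through the proxy are unaffected by this check.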