Thanks for the resources, I will take a look... I need to:
- have anonymous writes to the database, from the browser (can couchDB validate content before storing it?)
- anonymous reads of only specific views, is there a way to limit reads of only specific views? Perhaps through Apache R-Proxying?

Cheers,
Victor Stan

On Mon, Nov 8, 2010 at 11:32 AM, Zachary Zolton <[email protected]> wrote:
> Victor,
>
> If you serve CouchDB directly, or just proxy CouchDB via a web server,
> you're gonna need to read up on the CouchDB security model and
> consider whether it fits your application.
>
> This should get you started:
> http://guide.couchdb.org/draft/security.html
> http://is.gd/gQ3XO
> http://www.youtube.com/watch?v=oHKvV3Nh-CI
>
> The main 'gotcha' with CouchDB's security model is that a user can
> either access all or none of the resources for any particular
> database. Consider what types of data can be accessed anonymously, by
> a particular user or by a role shared by multiple users. You may need
> to place documents in different databases depending on who may access
> them.
>
> Perhaps you could explain more of your scenario.
>
>
> Cheers,
>
> Zach
>
> On Mon, Nov 8, 2010 at 8:53 AM, Victor Stan <[email protected]> wrote:
>> Hello,
>>
>> I've been considering methods of accessing CouchDB directly from the
>> browser, and one method seems to be using Apache or NginX as a reverse
>> proxy for CouchDB.
>>
>> If there are people with experience in that area in this forum, could
>> you please share some of the gotchas when it comes to securing access
>> to the database; as it seems to me that by removing the server side
>> scripts, a security layer is also removed...
>>
>> Cheers,
>> Victor Stan
>>
>
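
On the question raised in this message of whether CouchDB can validate content before storing it: CouchDB runs the `validate_doc_update` function of each design document on every write to that database. The following is an added example, not code from the thread or from the CouchDB project; the `comment` document type, its field names and the length limits are assumptions chosen for illustration.

```javascript
// Added example (not from the thread). Store this function's source as the
// "validate_doc_update" field of a design document: CouchDB then calls it on
// every write to that database, and throwing {forbidden: ...} rejects the write.
// The "comment" type, its fields and the length limits are assumptions.
function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  var ALLOWED = ['type', 'author', 'text', 'created_at'];

  function requireString(field, maxLen) {
    var v = newDoc[field];
    if (typeof v !== 'string' || v.length === 0 || v.length > maxLen) {
      throw({ forbidden: field + ' must be a string of 1 to ' + maxLen + ' characters' });
    }
  }

  // Server admins are not held to the anonymous-write schema.
  if (userCtx.roles.indexOf('_admin') !== -1) return;

  // Everyone else (userCtx.name is null when anonymous) may only create.
  if (oldDoc || newDoc._deleted) {
    throw({ forbidden: 'documents are append-only for non-admins' });
  }
  // Refuse attachments so a browser client cannot upload arbitrary files.
  if (newDoc._attachments) {
    throw({ forbidden: 'attachments are not accepted' });
  }
  // Reject unknown fields; underscore-prefixed keys are CouchDB's own.
  for (var key in newDoc) {
    if (key.charAt(0) !== '_' && ALLOWED.indexOf(key) === -1) {
      throw({ forbidden: 'unexpected field: ' + key });
    }
  }
  if (newDoc.type !== 'comment') {
    throw({ forbidden: 'type must be "comment"' });
  }
  requireString('author', 80);
  requireString('text', 2000);
  requireString('created_at', 20);
  if (!/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/.test(newDoc.created_at)) {
    throw({ forbidden: 'created_at must look like 2010-11-08T11:32:00Z' });
  }
}
```

A validation function only gates writes; it does nothing to restrict reads, so the all-or-none read access described in the quoted reply still applies to whatever database accepts these documents.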
