On 19 Nov 2010, at 23:48, Stefan Klein wrote: > Hi Jan, > > Am 19.11.2010 13:54, schrieb Jan Lehnardt: >> Hi Stefan, >> >> On 19 Nov 2010, at 11:55, Stefan Klein wrote: >> >>> Hi List, >>> >>> [ ... snip ...] >>> Now i'm pretty unsure if this is an evil hack or even a bug in couchdb >>> which get's fixed or if it's just a relay cool feature. >> Looks like it is working as advertised :) — Beware though that if you allow >> anyone to write to your database, people could run some arbitrary JavaScript >> code. Worst that could happen though is making infinite loops that CouchDB >> kills after 5 seconds and then make many of them concurrently, i.e. a >> classical DoS situation. >> >> If it's only you that talks to the database, this looks like a neat hack :) >> >> Cheers >> Jan > Which can be handled by the validate function, only users with a specific > role may create/update documents of a special type. > Thank you!
Actually, the validation function runs after the update function. Cheers Jan --
