so presumably this just uses couchdb us a dumb store, since you won't be able to compute views over this data?
B. On 29 March 2011 14:19, Nebu Pookins <[email protected]> wrote: > On Tue, Mar 29, 2011 at 8:54 AM, Robert Newson <[email protected]> > wrote: >> You can get read access control by separating each users documents >> into a separate database. > > This solution gets tricky if there are "shared" documents, though. > You'd basically need one database for each possible grouping of users. > I.e. with N users, you'd need 2^N databases. > >> I'm curious to know where you store the encryption keys such that no >> user can access the key of another user. Whatever you did to solve >> that would seem to be sufficient to prevent the access you were >> concerned about in the first place. Presumably there's also a >> different key per user? > > You basically need to use public key encryption. Each user has their > private key which they keep secret, and the public keys are accessible > to everyone and probably stored in the DB itself (so that the DB > software can also generate documents encrypted towards specific sets > of users). > > - Nebu >
