I think Benoit is talking about a middle layer. Like node.js or an app server.
If you are doing a thin couchapp style, then yes it's harder. You could use a javascript encryption lib on the client. Although, I could see value of having it handled as a "couch plugin" to the attachment system. On Tue, Apr 12, 2011 at 1:51 PM, Travis Jensen <[email protected]> wrote: > On Apr 12, 2011, at 11:41 AM, Benoit Chesneau <[email protected]> wrote: > >> On Tue, Apr 12, 2011 at 7:33 PM, Travis Jensen <[email protected]> >> wrote: >>> If I wanted to encrypt all attachments, where would I go about hooking >>> in to couch? I'm guessing I would have to replace the current >>> attachment handler, right? >>> >>> I haven't started digging on this; I thought it might be useful to get >>> some feedback first. >>> >>> Thanks >>> >>> Tj >>> >>> - >>> Travis Jensen >>> >> >> for better security I would encode them at the client level so the >> server isn't aware of the decryption key or anything. >> >> - benoƮt > > While I totally agree with you, it isn't really practical for > web-based applications. > > Tj > > - > Travis Jensen >
