I have a scenario where I'm building a CouchApp that needs to deny certain behavior from happening based on the user's IP address. However, the request object isn't available in validate_doc_update() functions.
Would it be good to consider this as a new feature to be implemented? This would enable people to build much more secure CouchApps, without having to use proxies/firewalls and such. I personally think that CouchApps are opening up a whole new paradigm for developing web-apps, making them really easy to distribute around and to install (think of kanso), since they only require a simple push to a Couch instance. So adding new security features such as this, would enable even more apps to be built this way. What do you think?
