I can't think of a solid objection to this idea. The result of a validate_doc_update can already vary based on the local security object. Being able to inspect not only the new document, but any other property of the request seems useful.
B. On 25 May 2012 12:43, Luca Matteis <[email protected]> wrote: > I have a scenario where I'm building a CouchApp that needs to deny > certain behavior from happening based on the user's IP address. > However, the request object isn't available in validate_doc_update() > functions. > > Would it be good to consider this as a new feature to be implemented? > This would enable people to build much more secure CouchApps, without > having to use proxies/firewalls and such. I personally think that > CouchApps are opening up a whole new paradigm for developing web-apps, > making them really easy to distribute around and to install (think of > kanso), since they only require a simple push to a Couch instance. > > So adding new security features such as this, would enable even more > apps to be built this way. > > What do you think?
