On 6 September 2012 22:41, Eduardo Scoz <[email protected]> wrote:
> Hi guys,
>
> Is there any way to put an app server between two CouchDB instances to
> manage security during replication?
>
> I'm working on a mobile app using TouchDB (iOS and Android), and I'm
> replicating the data back to the server using the normal CouchDB
> replication. In my use case, user creates new documents locally on the
> device, and syncs the DB with the host to push changes and get new
> documents. Filtered replication works well for getting only important docs
> and validate_doc_update is enough to prevent unauthorized writes, but that
> still leaves the database open for anybody with an ID to read other users'
> docs.
>
> My idea is to put CouchDB behind something like Nginx or NodeJS that would
> intercept direct calls to the database, but still let replication work (as
> described above). all_docs replication would also have to be disabled, I
> guess.
>
> Has anyone done anything like this? Any pointers on how one would make it?
>
> Thanks!
>
> Eduardo

Hi Eduardo,

Security is enforced at the DB level in CouchDB. Does your app architecture allow this?

Fundamentally, the replicator is a clever, optimised HTTP client, so blocking all except the replicator will be very difficult, if not impossible.

Any other ideas out there?

A+
Dave
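
An added illustration of the point in the reply above (not part of the thread, and not CouchDB or TouchDB code): a hypothetical proxy allowlist built from the requests the CouchDB replicator sends to a remote database. The database name, document IDs and revisions are constructed; the sketch shows that a document fetch carries nothing in its shape that identifies the owner, so a path-based rule cannot keep one user's documents from another.

```python
import re
from urllib.parse import urlsplit, parse_qs

DB = "userdata"  # hypothetical database name

# (method, path regex) pairs for requests the replicator sends to a remote DB.
REPLICATOR_ROUTES = [
    ("GET", rf"/{DB}/?"), ("HEAD", rf"/{DB}/?"),                      # DB info
    ("GET", rf"/{DB}/_local/[^/]+"), ("PUT", rf"/{DB}/_local/[^/]+"),  # checkpoints
    ("GET", rf"/{DB}/_changes"), ("POST", rf"/{DB}/_changes"),        # changes feed
    ("POST", rf"/{DB}/_revs_diff"),
    ("POST", rf"/{DB}/_bulk_docs"),
    ("POST", rf"/{DB}/_ensure_full_commit"),
]
# Ordinary document paths: one segment that does not start with "_".
DOC_ROUTE = re.compile(rf"/{DB}/(?!_)[^/]+")


def proxy_allows(method: str, url: str) -> bool:
    """Hypothetical proxy rule: pass only replicator-shaped requests."""
    parts = urlsplit(url)
    if any(m == method and re.fullmatch(p, parts.path)
           for m, p in REPLICATOR_ROUTES):
        return True
    # Document fetch: the strictest shape check available is to require the
    # open_revs parameter the replicator uses when it pulls document bodies.
    if method == "GET" and DOC_ROUTE.fullmatch(parts.path):
        return "open_revs" in parse_qs(parts.query)
    return False


# Constructed sample requests (doc IDs and revisions are made up).
SAMPLES = [
    ("blocked: _all_docs", "GET", f"/{DB}/_all_docs?include_docs=true"),
    ("blocked: plain read by ID", "GET", f"/{DB}/alice-note-1"),
    ("replicator pull, own doc", "GET",
     f'/{DB}/alice-note-1?revs=true&latest=true&open_revs=["1-aaa"]'),
    ("same shape, another user's doc", "GET",
     f'/{DB}/bob-note-7?revs=true&latest=true&open_revs=["1-bbb"]'),
]


def decisions():
    """Return (label, allowed) for each constructed sample request."""
    return [(label, proxy_allows(m, u)) for label, m, u in SAMPLES]


if __name__ == "__main__":
    for label, allowed in decisions():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {label}")
```

The last two samples get the same verdict because the rule sees only method, path and query; deciding whose document is being read needs knowledge of the data, which is why the reply points to access control at the database level.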
