On Sep 6, 2012, at 1:41 PM, Eduardo Scoz <[email protected]> wrote:

> My idea is to put CouchDB behind something like Nginx or NodeJS that would
> intercept direct calls to the database, but still let replication work (as
> described above). all_docs replication would also have to be disabled, I
> guess.

What makes this tricky is that document contents leak out through other API 
calls besides direct GETs of a doc URL. For instance, you can look at all 
documents by getting the _changes feed or _all_docs, and of course querying 
views. Your proxy layer would have to be aware of these — for example it would 
have to block any requests for _changes unless they specified a filter that 
restricted the results to docs that user can see (or maybe it could rewrite the 
URL to add such a filter?)

I think this is do-able but it’s the sort of thing where I’d worry that someone 
will come up with some creative use of the API to get around it.

> A proposed solution by the Couchbase guys is to have multiple databases,
> one for each user, and then use replication to share the data, but this
> seems unmanageable to me once you get thousands of users syncing docs
> around.

It depends on your data model. At one extreme, if users’ data is entirely 
private, the user databases will all be independent and there’s no overhead. 
How much data is shared between your users?

—Jens
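
The proxy rule discussed in this thread, sketched as a default-deny allowlist (an added example, not code from either poster or from CouchDB). It assumes a database named `appdb`, a design-doc filter function `acl/by_owner` that checks `req.query.owner`, and doc IDs of the form `<owner>:<rest>`; all three names are hypothetical.

```javascript
// Added example. Hypothetical names: database "appdb", filter "acl/by_owner"
// (a design-doc filter function that checks req.query.owner), and doc IDs of
// the form "<owner>:<rest>" with no ":" in usernames.
const DB = "appdb";
const FORCED_FILTER = "acl/by_owner";
const DENY = { allow: false, reason: "not on allowlist" };

// Decide what the proxy does with one request from an authenticated user.
// Returns { allow: true, url } with the URL to forward, or { allow: false }.
function decide(method, rawUrl, user) {
  let u, segs;
  try {
    // Parsing against a dummy origin resolves "." and ".." path segments,
    // so the decision is made on the same path that gets forwarded.
    u = new URL(rawUrl, "http://proxy.invalid");
    segs = u.pathname.split("/").filter(Boolean).map(decodeURIComponent);
  } catch (e) {
    return { allow: false, reason: "malformed URL" };
  }
  // Only GET /appdb/<one segment> is ever considered.
  if (method !== "GET" || segs.length !== 2 || segs[0] !== DB) return DENY;
  const target = segs[1];

  if (target === "_changes") {
    // Overwrite, never merge: set() drops every client-supplied value,
    // including repeated "filter" parameters.
    u.searchParams.set("filter", FORCED_FILTER);
    u.searchParams.set("owner", user);
    return { allow: true, url: u.pathname + u.search };
  }
  // Direct doc GET: only documents whose ID carries the caller's prefix.
  if (!target.startsWith("_") && target.startsWith(user + ":")) {
    return { allow: true, url: u.pathname + u.search };
  }
  // _all_docs, views, other users' docs, anything unrecognised.
  return DENY;
}
```

Because every endpoint not named in the allowlist is refused, an API call the proxy author did not anticipate fails closed instead of leaking documents.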
