Thanks for the reply Jens. I'll start working on it probably this weekend, and lets see what comes out of it.
Hopefully it won't be hard to modify a simple nodejs proxy to do the basics of what I want, but you never know (and I'm not that great with js).. On Fri, Sep 7, 2012 at 5:05 PM, Jens Alfke <[email protected]> wrote: > > On Sep 6, 2012, at 4:54 PM, Eduardo Scoz <[email protected]> wrote: > > > Is there a list somewhere of all the possible requests that couchdb > accepts > > (like _changes, _all_docs, etc)? Blocking all requests by default and > > making only the few things I would like to have available could be a > > possibility. > > Not really. The reference I usually use is this one in the wiki[1], but > it’s incomplete; I’ve added details as I discover them, but I’m sure there > are other things missing. > > Your approach of whitelisting might be the best way to do it, especially > since the db on the server will only be accessed by the TouchDB replicator, > which is fairly predictable in the subset of API calls that it makes. > > I’m interested to see whether this works for you, because this would be > useful to other people too. The Syncpoint database-per-user approach is > IMHO cleaner and more flexible, but will take a fair bit of doing to > implement properly, and JChris hasn’t had time to devote to it lately. > > —Jens > > [1]: http://wiki.apache.org/couchdb/Complete_HTTP_API_Reference
