I've been deploying some robust apps as couchapps recently and I've had mixed results. Overall I really like the new setup but I think there is room for improvement. I stick my app behind a node js proxy (and also use it like a worker). To handle security, I have two databases. One that handles registration and any data I don't mind being public, and a separate database that stores all of the private data and which is only accessible by the admin user. I'm paranoid, so I created an admin user and set require_valid_user to true. My proxy then makes every "public" request to my public couchapp authenticated as the admin (until the user logs in, in which case they are then authenticated as themselves). For any private data that pertains to them and only them, they get access to that data only after they are authenticated, and then the admin user grabs that data for them from the private database. I'm still debating whether this is overkill, but I really like the idea of pushing the logic into the database as much as possible.
Sent from my iPhone

On Mar 6, 2013, at 3:05 PM, Sean Copenhaver <sean.copenha...@gmail.com> wrote:

> I've made a site that was only a couchapp and enjoyed the experience quite a bit. I've also used it for internal tooling to store data and to host mini couchapps for search or utility pages.
>
> In all cases though security of data (at least I didn't care who could read the data) was not a requirement and I've greatly enjoyed my experiences. I would love to play around with gardener along with an OS daemon to try a tightly coupled nodejs + couchdb setup. Would also love to see CouchDB hosts offer such things as well.
>
>
> On Wed, Mar 6, 2013 at 2:51 PM, Dan Santner <dansant...@me.com> wrote:
>
>> I think it's brilliant as just a database and no more. So that's how I use it. I have a similar setup to your #2. Perhaps that's just because I feel most comfortable with that type of setup. This way I don't burden couch with anything security related. It just eats and serves docs. My app tier handles the access control and other tasks like email or any other services over the net that I need to use.
>>
>>
>> On Mar 6, 2013, at 1:27 PM, Wendall Cada <wenda...@83864.com> wrote:
>>
>>> We use couchdb in two configurations.
>>>
>>> 1. As a couchapp serving content for basic consumption. (For a url shortener service)
>>> 2. As a database on localhost behind pylons or pyramid.
>>>
>>> To address the security question. We've been using couchdb for long enough that it didn't have any security when we started using it in production (0.8). Up until recently _users was a somewhat insecure feature. It's only been with the release of 1.2.0 that _users is handled securely.
>>>
>>> For our needs, couchdb still does not have robust enough acls for any of our applications, so for now, it needs to run behind our app servers. I see changes for this on the roadmap, but until this actually happens, couchdb will happily sit on localhost serving docs.
>>>
>>> I'm not sure why it isn't understood that based on its history, CouchDB has mostly been used as a database. I know people want it to be an app server, but, in my opinion, that's the weakest part of the entire system.
>>>
>>> Wendall
>>>
>>> On 03/06/2013 09:51 AM, Robert Newson wrote:
>>>> "How does everyone solve the security issue?"
>>>>
>>>> What security problem? Only administrators can modify design documents.
>>>>
>>>> B.
>>>>
>>>> On 6 March 2013 11:38, Aurélien Bénel <aurelien.be...@utt.fr> wrote:
>>>>> Hi,
>>>>>
>>>>>> just out of curiosity, would like to hear how CouchDB is being used in your web environment....
>>>>>
>>>>> We have two main setups:
>>>>> - CouchApps,
>>>>> - REST APIs used by heavy clients (Java or Firefox extensions) and attached Web applications.
>>>>>
>>>>>> How does everyone solve the security issue?
>>>>>
>>>>> We always use CouchDB behind a reverse proxy to add LDAP authentication and authorization when needed.
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Aurélien
>
>
> --
> "The limits of language are the limits of one's world." - Ludwig von Wittgenstein
>
> "Water is fluid, soft and yielding. But water will wear away rock, which is rigid and cannot yield. As a rule, whatever is fluid, soft and yielding will overcome whatever is rigid and hard. This is another paradox: what is soft is strong." - Lao-Tzu
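The access-control pieces of the layout described in the first message (CouchDB behind a Node proxy, require_valid_user = true, a public database next to an admin-only private database), written out as an added example. This is not code from anyone in the thread or from CouchDB itself; the `_security` objects, the validate function, the `decideUpstream` helper and the constructed requests are all my own, and the "admin" role name, database names and credentials are assumed. It also shows the one check the proxy needs when it acts as admin for anonymous callers: restrict those requests to reads of the public database, so a visitor cannot write, or touch design documents (which, as Robert Newson notes, only administrators may modify), with the proxy's admin authority.

```javascript
'use strict';
// Assumed CouchDB local.ini setting on the database side:
//   [couch_httpd_auth]
//   require_valid_user = true
// Everything below is illustrative and runs stand-alone under Node.

// 1. _security objects, installed with PUT /<db>/_security as a server admin.
//    Private DB: only the (assumed) "admin" role may read or write it.
const privateSecurity = {
  admins:  { names: [], roles: ['admin'] },
  members: { names: [], roles: ['admin'] },
};
//    Public DB: empty members list = every authenticated user may read/write
//    (anonymous callers never get past require_valid_user); design docs admin-only.
const publicSecurity = {
  admins:  { names: [], roles: ['admin'] },
  members: { names: [], roles: [] },
};

// 2. validate_doc_update for the public DB: a user may only create, change or
//    delete documents whose `owner` field is their own name. CouchDB runs this
//    inside the database; it is stored as a string in the design doc below.
function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  var roles = userCtx.roles || [];
  if (roles.indexOf('_admin') !== -1 || roles.indexOf('admin') !== -1) return;
  if (!userCtx.name) throw { unauthorized: 'login required' };
  if (oldDoc && oldDoc.owner !== userCtx.name) {
    throw { forbidden: 'only the owner may modify or delete this document' };
  }
  if (!newDoc._deleted && newDoc.owner !== userCtx.name) {
    throw { forbidden: 'owner must equal the authenticated user name' };
  }
}
const publicDesignDoc = {
  _id: '_design/app',
  validate_doc_update: validateDocUpdate.toString(),
};

// 3. Proxy-side decision: forward or not, and with which credentials.
//    Logged-in users are forwarded as themselves (their AuthSession cookie), so
//    CouchDB's own checks apply. Anonymous callers are forwarded as admin, as the
//    thread's setup does, but only for GET/HEAD on the public DB; the private DB
//    is never reachable through the proxy at all (the app fetches it server-side).
const PUBLIC_DB = 'public'; // assumed database name
function decideUpstream(method, path, session, adminCreds) {
  const parts = path.split('/').filter(Boolean);
  if (parts[0] !== PUBLIC_DB) {
    return { allow: false, reason: 'only the public DB is proxied' };
  }
  if (session && session.authSession) {
    return { allow: true, headers: { Cookie: 'AuthSession=' + session.authSession } };
  }
  if (method !== 'GET' && method !== 'HEAD') {
    return { allow: false, reason: 'anonymous callers may only read' };
  }
  const basic = Buffer.from(adminCreds.user + ':' + adminCreds.pass).toString('base64');
  return { allow: true, headers: { Authorization: 'Basic ' + basic } };
}

// 4. Constructed requests exercising each branch (credentials are made up).
function demo() {
  const admin = { user: 'admin', pass: 'secret' };
  return [
    decideUpstream('GET', '/public/_design/app/index.html', null, admin).allow, // true
    decideUpstream('PUT', '/public/doc1', null, admin).allow,                   // false
    decideUpstream('PUT', '/public/doc1', { authSession: 'abc' }, admin).allow, // true
    decideUpstream('GET', '/private/doc1', null, admin).allow,                  // false
  ];
}
```

The validate function is ordinary JavaScript, so it can be unit-tested in Node with constructed `userCtx` objects before it is pushed into the design document; the same is true of `decideUpstream`, which is the part that decides how much of the admin's authority an anonymous visitor can borrow.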