Well, if things were always so easy! We have this scenario: our webapp has to server data to different organizations (hopefully thousands, if our product sells well). That means we can not partition data in different databases: it would be a maintenance nightmare. can somebody tell me how to:
- upgrade the design docs in 1000 databases without going crazy? - How to backup them? - ... I mean, the more databases you have, the more complicated maintenance becomes. Maybe that can be automated, but it is not easy out of the box. Besides, I do not want to implement the following: - new organization signs-up - we create a new database for it - we upload the design documens - we trigger those documents I mean, it is probably doable, but I am not walking that path right now. So, the only way that I know of in which we can partition the data is by having an application server in front of couch: a single database for all customers, with access control implemented via view filtering with the org_id as key. The user has no direct access to couch. On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson <rnew...@apache.org> wrote: > Don't grant users access to databases you don't want them to read. :) > > http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization > > B. > > On 6 March 2013 12:33, Mark Hahn <m...@hahnca.com> wrote: > > Anyone logged in can read any document in the DB. I have to check each > > user and what they are trying to do to block illegal actions. > > > > > > On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnew...@apache.org> > wrote: > > > >> "How does everyone solve the security issue?" > >> > >> What security problem? Only administrators can modify design documents. > >> > >> B. > >> > >> On 6 March 2013 11:38, Aurélien Bénel <aurelien.be...@utt.fr> wrote: > >> > Hi, > >> > > >> >> just out of curiosity, would like to hear how CouchDB is being used > in > >> your web environment.... > >> > > >> > We have two main setups: > >> > - CouchApps, > >> > - REST APIs used by heavy clients (Java or Firefox extensions) and > >> attached Web applications. > >> > > >> >> How does everyone solve the security issue? > >> > > >> > We always use CouchDB behind a reverse proxy to add LDAP > authentication > >> and authorization when needed. > >> > > >> > > >> > Regards, > >> > > >> > Aurélien > >> >
