Daniel, So basically, what you r saying is that you put application layer in front of couch, so user no direct access to the couch.. Right?..I think you did pretty much similar thing #2 in my original post... BTW, just out of curiosity, by doing this, any performance degradation / or any trouble stuff you may have to face with something you might had not expected at all ?...
Thanks, > From: gonva...@gonvaled.com > Date: Thu, 7 Mar 2013 16:37:36 +0100 > Subject: Re: Curiosity how you use CouchDB in your web env. > To: user@couchdb.apache.org > > Well, if things were always so easy! > > We have this scenario: our webapp has to server data to different > organizations (hopefully thousands, if our product sells well). That means > we can not partition data in different databases: it would be a maintenance > nightmare. can somebody tell me how to: > > - upgrade the design docs in 1000 databases without going crazy? > - How to backup them? > - ... > > I mean, the more databases you have, the more complicated maintenance > becomes. Maybe that can be automated, but it is not easy out of the box. > > Besides, I do not want to implement the following: > > - new organization signs-up > - we create a new database for it > - we upload the design documens > - we trigger those documents > > I mean, it is probably doable, but I am not walking that path right now. > So, the only way that I know of in which we can partition the data is by > having an application server in front of couch: a single database for all > customers, with access control implemented via view filtering with the > org_id as key. The user has no direct access to couch. > > On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson <rnew...@apache.org> wrote: > > > Don't grant users access to databases you don't want them to read. :) > > > > http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization > > > > B. > > > > On 6 March 2013 12:33, Mark Hahn <m...@hahnca.com> wrote: > > > Anyone logged in can read any document in the DB. I have to check each > > > user and what they are trying to do to block illegal actions. > > > > > > > > > On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnew...@apache.org> > > wrote: > > > > > >> "How does everyone solve the security issue?" > > >> > > >> What security problem? Only administrators can modify design documents. > > >> > > >> B. > > >> > > >> On 6 March 2013 11:38, Aurélien Bénel <aurelien.be...@utt.fr> wrote: > > >> > Hi, > > >> > > > >> >> just out of curiosity, would like to hear how CouchDB is being used > > in > > >> your web environment.... > > >> > > > >> > We have two main setups: > > >> > - CouchApps, > > >> > - REST APIs used by heavy clients (Java or Firefox extensions) and > > >> attached Web applications. > > >> > > > >> >> How does everyone solve the security issue? > > >> > > > >> > We always use CouchDB behind a reverse proxy to add LDAP > > authentication > > >> and authorization when needed. > > >> > > > >> > > > >> > Regards, > > >> > > > >> > Aurélien > > >> > >
