Daniel.

That's how I'd do it. In fact I'm doing something similar and I haven't found any performance trouble with the views yet. I also don't expect to have more than a few thousand docs per user and a few thousand users, so I'm not real worried about scale. I think the critical thing is that you keep that org_id trapped in the app server so the front end can't modify it and get access to another org's data.

On Mar 7, 2013, at 9:37 AM, Daniel Gonzalez <gonva...@gonvaled.com> wrote:
> Well, if things were always so easy!
>
> We have this scenario: our webapp has to serve data to different
> organizations (hopefully thousands, if our product sells well). That means
> we can not partition data in different databases: it would be a maintenance
> nightmare. Can somebody tell me how to:
>
> - upgrade the design docs in 1000 databases without going crazy?
> - How to backup them?
> - ...
>
> I mean, the more databases you have, the more complicated maintenance
> becomes. Maybe that can be automated, but it is not easy out of the box.
>
> Besides, I do not want to implement the following:
>
> - new organization signs-up
> - we create a new database for it
> - we upload the design documents
> - we trigger those documents
>
> I mean, it is probably doable, but I am not walking that path right now.
> So, the only way that I know of in which we can partition the data is by
> having an application server in front of couch: a single database for all
> customers, with access control implemented via view filtering with the
> org_id as key. The user has no direct access to couch.
>
> On Wed, Mar 6, 2013 at 7:42 PM, Robert Newson <rnew...@apache.org> wrote:
>
>> Don't grant users access to databases you don't want them to read. :)
>>
>> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>>
>> B.
>>
>> On 6 March 2013 12:33, Mark Hahn <m...@hahnca.com> wrote:
>>> Anyone logged in can read any document in the DB. I have to check each
>>> user and what they are trying to do to block illegal actions.
>>>
>>>
>>> On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnew...@apache.org> wrote:
>>>
>>>> "How does everyone solve the security issue?"
>>>>
>>>> What security problem? Only administrators can modify design documents.
>>>>
>>>> B.
>>>>
>>>> On 6 March 2013 11:38, Aurélien Bénel <aurelien.be...@utt.fr> wrote:
>>>>> Hi,
>>>>>
>>>>>> just out of curiosity, would like to hear how CouchDB is being used in
>>>>>> your web environment....
>>>>>
>>>>> We have two main setups:
>>>>> - CouchApps,
>>>>> - REST APIs used by heavy clients (Java or Firefox extensions) and
>>>>> attached Web applications.
>>>>>
>>>>>> How does everyone solve the security issue?
>>>>>
>>>>> We always use CouchDB behind a reverse proxy to add LDAP authentication
>>>>> and authorization when needed.
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Aurélien
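
The single-database design discussed in this thread, with the org_id held on the application server, sketched as an added example that is not code from any of the posters. The database, design document and view names, the map function and the session shape are all assumptions.

```python
import json
from urllib.parse import urlencode

# Hypothetical names: database "appdata", design doc "tenancy", view "by_org".
# Assumed map function for that view (every document carries an org_id field):
#   function (doc) { if (doc.org_id) emit([doc.org_id, doc.type], null); }
VIEW_PATH = "/appdata/_design/tenancy/_view/by_org"

# Only paging options may come from the browser; key selection never does.
CLIENT_ALLOWED = {"limit": (1, 200), "skip": (0, 10_000)}


def build_view_url(session, client_params):
    """Build the CouchDB view URL for the logged-in user's organization."""
    org_id = session.get("org_id")  # set at login, stored server-side only
    if not isinstance(org_id, str) or not org_id:
        raise PermissionError("session has no organization")
    query = {
        # Range over every key whose first element is this org_id;
        # {} collates after all other JSON values in CouchDB.
        "startkey": json.dumps([org_id]),
        "endkey": json.dumps([org_id, {}]),
        "include_docs": "true",
    }
    for name, (low, high) in CLIENT_ALLOWED.items():
        if name in client_params:
            value = int(client_params[name])  # ValueError on non-numeric input
            query[name] = str(min(max(value, low), high))
    return VIEW_PATH + "?" + urlencode(query)


def filter_rows(session, rows):
    """Second check on the response: drop any row keyed to another org."""
    org_id = session["org_id"]
    return [
        r for r in rows
        if r["key"][0] == org_id and r["doc"].get("org_id") == org_id
    ]
```

Any `org_id`, `key`, `startkey` or `endkey` the browser sends is ignored, so the tenant boundary depends only on the server-side session.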