On Thu, Jan 2, 2014 at 12:27 AM, Robert Newson <[email protected]> wrote:
> "there’s no notion of read-protection in CouchDB." > > There’s no document level read protection, but you can certainly grant or > deny read access to users on a per database basis. That’s by design due to > the ease that information could leak out through views (particularly reduce > views). The restrictive proxy approach is brittle, it requires that you > know all the URL patterns to block and keep them up to date when you > upgrade CouchDB. It can work, it’s just not awesome. > > B. > > There is also the coming validate_doc_read [1] function from rcouch. Not sure if it will be added in the final merge, but this something we could investigate. - benoit [1] https://github.com/refuge/rcouch/wiki/Validate-documents-on-read . > > On 1 Jan 2014, at 20:47, Jens Alfke <[email protected]> wrote: > > > > > On Dec 31, 2013, at 1:44 AM, meredrica <[email protected]> wrote: > > > >> I expose CouchDB directly to mobile clients and wanted to hide some > >> information from them. > > > > You can’t really do that; there’s no notion of read-protection in > CouchDB. > > As a workaround you can put CouchDB behind a proxy or gateway, and > restrict the URL patterns that clients are allowed to send. > > > > —Jens > > > >
