List function are bad for performance since they are evaluated every time they run. I wanted to avoid them and use views (disk storage is cheap, CPU is not)
Stanley Iriele <[email protected]> wrote: >Correct me if I'm wrong here... If every doc had some meta info with >it... >And every URL rewrite went to a show or list function...couldn't you >use >the sec object passed on the request object to get what you want?... Or >pass in some application level user credentials... Granted that doesn't >sound very elegant >On Jan 2, 2014 7:22 AM, "Robert Newson" <[email protected]> wrote: > >> >> It doesn’t achieve the same effect, though, the virtual host + url >> rewriter is not an access control mechanism. You’re still granting >> database-wide read permissions to the user. >> >> B. >> >> >> On 2 Jan 2014, at 09:09, Florian Westreicher Bakk.techn. < >> [email protected]> wrote: >> >> > I put a design doc behind a desk record / virtual host, that should >do >> the trick. The user that is used by the app is read only >> > >> > Robert Newson <[email protected]> wrote: >> >> "there’s no notion of read-protection in CouchDB." >> >> >> >> There’s no document level read protection, but you can certainly >grant >> >> or deny read access to users on a per database basis. That’s by >design >> >> due to the ease that information could leak out through views >> >> (particularly reduce views). The restrictive proxy approach is >brittle, >> >> it requires that you know all the URL patterns to block and keep >them >> >> up to date when you upgrade CouchDB. It can work, it’s just not >> >> awesome. >> >> >> >> B. >> >> >> >> . >> >> >> >> On 1 Jan 2014, at 20:47, Jens Alfke <[email protected]> wrote: >> >> >> >>> >> >>> On Dec 31, 2013, at 1:44 AM, meredrica <[email protected]> >wrote: >> >>> >> >>>> I expose CouchDB directly to mobile clients and wanted to hide >some >> >>>> information from them. >> >>> >> >>> You can’t really do that; there’s no notion of read-protection in >> >> CouchDB. >> >>> As a workaround you can put CouchDB behind a proxy or gateway, >and >> >> restrict the URL patterns that clients are allowed to send. >> >>> >> >>> —Jens >> >>> >> > >> > -- >> > Sent from Kaiten Mail. Please excuse my brevity. >> >> -- Sent from Kaiten Mail. Please excuse my brevity.
