On Feb 21, 2014, at 6:42 AM, Ben Johnson <[email protected]> wrote:
> I will put a few > precautions and validations for the data in the browser but because of > nature of the project users will not be required to log in. Validation in the browser is just a convenience for the user. The real validation has to be on the server. > Can all of the data in > the database be viewed and or modified from someone using curl and my > servers address? If you want anonymous access from a browser, then your database can be viewed anonymously, yes. You can restrict modifications using a validation function. Anyone will still be able to modify the database using curl, but at least they can only post valid data. And it’s pretty easy to make the validation function reject overwriting or deleting documents. —Jens
