Hi, this might sound like a terrible idea to someone who knows CouchDB, and if that's the case, please just take a minute or two to explain why. Otherwise, if the idea isn't so crazy after all, I hope I'll get some solutions to my problem:
I'm thinking of creating a platform based on CouchDB, where each set of users (group, customer, ...) would get their own CouchDB database to store and query data. I heard in a podcast, roughly a year ago, that this is how CouchDB was meant to be used: many smaller databases.

To query the data, I want to allow them to define their own custom queries. Now I could (and want to) create a form which allows building a query and translates it to a JS view, but I was thinking about additionally, on top of that, allowing them to define their custom views directly in JS. They would basically be allowed to define their custom Map/Reduce functions.

There is a lot which can go wrong with this. The worst ones I came up with:

- DoS attack with endless loops inside the function
- DoS attack by emitting too much data (potentially in a loop again)

As far as I've understood, it's not possible to access other databases from within the view. Is this understanding of mine correct?

Is it possible to access the filesystem or network services in any way from the CouchDB view, or is the JavaScript engine which is running the code limiting enough?

Are there any other things which could go wrong? Or did somebody actually already use CouchDB like this, and it's perfectly normal?

Is there any way I could prevent the problem with endless loops and data emitting from happening? I can run JSLint, which maybe will detect an endless loop, but that won't help against a loop with a million iterations, which will be called for every item inside CouchDB - still quite endless.

Thank you for your help!

Cheers,
Peter
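One way to pre-screen a submitted map function for the two failure modes listed in the post above, as an added example that is not part of the original post or of CouchDB: it runs the function against constructed sample documents in Node's `vm` module with a time limit and an emit cap. `checkMapFunction`, `LIMITS` and `SAMPLE_DOCS` are hypothetical names, and the limit values are illustrative.

```javascript
const vm = require('vm');

// Hypothetical limits, chosen for illustration only.
const LIMITS = { timeoutMs: 100, maxEmitsPerDoc: 1000 };

// Constructed sample documents standing in for one tenant's data.
const SAMPLE_DOCS = [
  { _id: 'a', type: 'order', total: 12 },
  { _id: 'b', type: 'order', total: 30 },
];

// Runs a submitted map function once per sample document and reports the
// first limit it breaks. Returns { ok: true } or { ok: false, reason, doc }.
function checkMapFunction(source, docs = SAMPLE_DOCS, limits = LIMITS) {
  for (const doc of docs) {
    let emits = 0;
    const sandbox = {
      // Stand-in for the emit() a view function calls; it only counts.
      emit: () => {
        if (++emits > limits.maxEmitsPerDoc) throw new Error('EMIT_LIMIT');
      },
      // Deep copy, so the submitted code cannot alter the sample data.
      doc: JSON.parse(JSON.stringify(doc)),
    };
    try {
      // Fresh context without require/process; a synchronous run that
      // exceeds timeoutMs is interrupted with an error.
      vm.runInNewContext(`(${source})(doc)`, sandbox, { timeout: limits.timeoutMs });
    } catch (err) {
      if (err && err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') {
        return { ok: false, reason: 'timeout', doc: doc._id };
      }
      if (err && err.message === 'EMIT_LIMIT') {
        return { ok: false, reason: 'too-many-emits', doc: doc._id };
      }
      // Syntax errors and anything the function itself throws.
      return { ok: false, reason: 'error', doc: doc._id };
    }
  }
  return { ok: true };
}
```

Node's documentation states that `vm` is not a security mechanism, so this is a check to run in a throwaway process before a design document is saved, not isolation for hostile code.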
