Hi Peter Will the users create their own datastructures too? If not this sounds like sql on relational tables might be a better tool for the problem. It seems to me you're hitting exactly the weak point of most nosql solutions.
Alex 2014-11-28 0:49 GMT+01:00 Peter Grman <[email protected]>: > Hi, > > this might sound like a terrible idea to someone who knows CouchDB, and if > that's the case, please just take a minute or two, to explain why, > otherwise, if the idea isn't so crazy after all, I hope I'll get some > solutions to my problem: > > I'm thinking of creating a platform based on CouchDB, where each set of > users (group, customer, ...) would get their own CouchDB Database, to store > and query data. I've heard in a podcast, roughly a year ago, that this is > how CouchDB was meant to be - many smaller databases. > > To query the data, I want to allow them, to define their own custom > queries. Now I could (and want to) create a form which allows to build a > query and translates it to a JS view, but I was thinking about > additionally, on top of that, allowing them to define their custom views > directly in JS. They would basically be allowed to define their custom > Map/Reduce functions. > > There is a lot which can go wrong with this the worst ones I came up with: > - DoS attack with endless loops inside the function > - DoS attack by emitting too much data (potentially in a loop again) > > As far as I've understood, it's not possible to access other Databases from > within the view, is this understanding of mine correct? > > Is it possible to access the filesystem or network services in any way from > the CouchDB view or is the JavaScript engine, which is running the code, > limiting enough? > > Are there any other things which could go wrong? - or did actually somebody > already use CouchDB like this, and it's perfectly normal? > > Is there any way I could prevent the problem with endless loops and data > emitting from happening? - I can run JSLint, which maybe will detect an > endless loop, but that won't help against a loop with a million iterations, > which will be called for every item inside CouchDB - still quite endless. > > Thank you for your help! > > Cheers, > Peter >
