sounds like a very interesting application seems like you dont care if the user has to wait for an index to be built when the user creates a query
Alex 2014-11-28 2:23 GMT+01:00 Peter Grman <[email protected]>: > Hi Alex, > > Yes, the users would be able to import different sets of data, which isn't > relational, and use the platform to analyse it. The analysed data would be > in 99% of the cases append only (+ removing old data) and the data can be > defined by the user, as well as be hierarchical. > > When I thought about the system in the beginning, CouchDB seemed like an > awesome choice as there would be only a couple of well defined queries and > storage is generally cheap, I thought that CouchDB views and their caching > are what I'm looking for. > > The problem is again only with people who want to trick the system. I would > be also happy with a solution which would detect bad views ones they have > been deployed (uses too much space, takes too long to compute) and > deactivates and marks them for me to check. This way I could check those > few people who try a DoS attack and ban them from the service. > > The additional main problem was, if it is really impossible to get data > from a different database inside the view and if the user won't be able to > access the underlying system, ..., or if it is just very difficult => > possible, if someone wants to do it they'll find a way. But after reading > more and understanding more, how the views are executed using evalcx I > think the other problems aren't a big concern for me anymore, is that > correct?. > > Although I've found in the code "if possible, use evalcx (not always > available)" - how can I check that evalcx is available on my system? Or is > it just a note for older distributions, nothing to be concerned about > anymore? > > Thank you > > Cheers > Peter > > On Fri Nov 28 2014 at 1:37:57 AM Alexander Gabriel <[email protected]> > wrote: > > > Hi Peter > > > > Will the users create their own datastructures too? > > If not this sounds like sql on relational tables might be a better tool > for > > the problem. > > It seems to me you're hitting exactly the weak point of most nosql > > solutions. > > > > Alex > > > > > > 2014-11-28 0:49 GMT+01:00 Peter Grman <[email protected]>: > > > > > Hi, > > > > > > this might sound like a terrible idea to someone who knows CouchDB, and > > if > > > that's the case, please just take a minute or two, to explain why, > > > otherwise, if the idea isn't so crazy after all, I hope I'll get some > > > solutions to my problem: > > > > > > I'm thinking of creating a platform based on CouchDB, where each set of > > > users (group, customer, ...) would get their own CouchDB Database, to > > store > > > and query data. I've heard in a podcast, roughly a year ago, that this > is > > > how CouchDB was meant to be - many smaller databases. > > > > > > To query the data, I want to allow them, to define their own custom > > > queries. Now I could (and want to) create a form which allows to build > a > > > query and translates it to a JS view, but I was thinking about > > > additionally, on top of that, allowing them to define their custom > views > > > directly in JS. They would basically be allowed to define their custom > > > Map/Reduce functions. > > > > > > There is a lot which can go wrong with this the worst ones I came up > > with: > > > - DoS attack with endless loops inside the function > > > - DoS attack by emitting too much data (potentially in a loop again) > > > > > > As far as I've understood, it's not possible to access other Databases > > from > > > within the view, is this understanding of mine correct? > > > > > > Is it possible to access the filesystem or network services in any way > > from > > > the CouchDB view or is the JavaScript engine, which is running the > code, > > > limiting enough? > > > > > > Are there any other things which could go wrong? - or did actually > > somebody > > > already use CouchDB like this, and it's perfectly normal? > > > > > > Is there any way I could prevent the problem with endless loops and > data > > > emitting from happening? - I can run JSLint, which maybe will detect an > > > endless loop, but that won't help against a loop with a million > > iterations, > > > which will be called for every item inside CouchDB - still quite > endless. > > > > > > Thank you for your help! > > > > > > Cheers, > > > Peter > > > > > >
