On Fri, Nov 28, 2014 at 2:49 AM, Peter Grman <[email protected]> wrote:
> There is a lot which can go wrong with this the worst ones I came up with:
> - DoS attack with endless loops inside the function
> - DoS attack by emitting too much data (potentially in a loop again)
>
> As far as I've understood, it's not possible to access other Databases from
> within the view, is this understanding of mine correct?
>
> Is it possible to access the filesystem or network services in any way from
> the CouchDB view or is the JavaScript engine, which is running the code,
> limiting enough?
>
> Are there any other things which could go wrong? - or did actually somebody
> already use CouchDB like this, and it's perfectly normal?

The worst case will always be RCE, since you're going to allow everyone to execute arbitrary code on your server. The JavaScript query server is only safe while the SpiderMonkey sandbox is. However, if you want to use some custom query servers, then things will go bad, since neither Python, Erlang, Clojure nor the other servers I know support sandboxing, which means you can do anything.

Your idea may work for Mango - the Cloudant views query DSL - since it's very limited in allowed operations, but then you'll face another problem: disk space will run out very quickly, since a single index file may be much bigger than the database itself.

Let's first ask: why do you need such a feature? Because for now the simplest and most secure way to allow custom user views is to let users replicate your database to their CouchDB instance, where they can do whatever they need. And that works.

--
,,,^..^,,,
