Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Damien Katz <damienkatz-Re5JQEeQqe8AvxtiuMwx3w <at> public.gmane.org>
Subject: Security and Validation - Re: CouchDB 0.9 and 1.0
Newsgroups: gmane.comp.db.couchdb.devel
Date: Wednesday 2nd July 2008 16:56:44 UTC (over 8 years ago)
We need to implement a couchdb security model. I think at a high level  
it should be simple as possible. Also I think we won't do  
authentication, that should be handled by a authenticating proxy, or  
application code.

I'm thinking our model looks something like this:

We'll have server wide admin accounts, and dbadmin accounts. Db Admins  
can create dbs and admin their own dbs. Server admins are like  
superusers. Only admins are allowed to update design documents in  
databases.

The per-database customized module will be supported by custom  
validation functions contained in databases design documents.  When a  
document is updated, either via replication or new edit, these  
validation functions are evaluate with provided context.

Here is a very simplistic validation routine:

function (doc, ctx) {
	if (doc.type == "topic" && doc.subject == undefined) {
		throw "Error, a subject is required for all topics.";
	}
}

Something that looks at previous revisions:

function (doc, ctx) {
	var prev = ctx.get_local_doc();
	if (prev != null && prev.author != ctx.user_name()) {
		throw "Error, update by non-author.";
	}
}

It should also be possible modify the document while it's being saved,  
but this might only be allowable when its a new edit, vs a replicated  
update or backup restore.

All further security schemes would be handled the customized  
functions, and though APIs to do database or external ldap queries.
On Jul 2, 2008, at 3:08 AM, Jan Lehnardt wrote:

> Hello everybody,
> this thread is meant to collect missing work items (features and
> bugs) for for our 1.0 release and a discussion about how to split
> them up between 0.9 and 1.0.
>
> Take it away: Damien.
>
> Cheers
> Jan
> --
 
CD: 3ms