You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Deistl Ross <de...@me.com> on 2010/05/12 19:51:45 UTC

view security

I'm sure there is a solution to this issue.  I have a view that is normally accessed from the web with a key, which works fine.  When the view is accessed without the key, it, of course, will expose all the view records. Is there a way to only allow view access with, in this case,the  key, or startkey, endkey or other parameter, to stop exposing all the view records?  Sort of like validation for database access, instead of updates.

Re: view security

Posted by J Chris Anderson <jc...@gmail.com>.

On May 12, 2010, at 10:51 AM, Deistl Ross wrote:

> I'm sure there is a solution to this issue.  I have a view that is normally accessed from the web with a key, which works fine.  When the view is accessed without the key, it, of course, will expose all the view records. Is there a way to only allow view access with, in this case,the  key, or startkey, endkey or other parameter, to stop exposing all the view records?  Sort of like validation for database access, instead of updates.

You've got to handle that in a proxy.

Or you can copy only the public records to a public db, and allow open access to that db. Depends on your app model.

Chris