Authorize Replication?

[Adam Venturella <av...@gmail.com>]

If I have 2 DBs: "A", and "B" on my server, and I want to replicate
(have the local pull from the master) "A" to another server, I get how
that works.  But what if only certain people are allowed to replicate
"A", how would I arrange that?  For example, I do not want the same
user to be able to replicate "B", only "A".  To add one more layer on
this, at some point, I want to be able to grant the user the ability
to replicate "B" as well as "A".

Is there a replication permission that can be set in the ACL or
another means to achieve this?

Re: Authorize Replication?

[Adam Venturella <av...@gmail.com>]

Thanks for pointing me in the right direction:

http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy
http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy


I should be able to setup my API for my service to pass OAuth headers
which I can handle in a file, and if Authenticated, forward the
request on to the CouchDB server.  At least that's my latest idea.
Off to test it now.

On Sat, Oct 10, 2009 at 2:46 PM, Mirsal Ennaime
<mi...@gmail.com> wrote:
> Hello,
>
> On Sat, Oct 10, 2009 at 2:28 AM, Adam Venturella <av...@gmail.com> wrote:
>> If I have 2 DBs: "A", and "B" on my server, and I want to replicate
>> (have the local pull from the master) "A" to another server, I get how
>> that works.  But what if only certain people are allowed to replicate
>> "A", how would I arrange that?  For example, I do not want the same
>> user to be able to replicate "B", only "A".  To add one more layer on
>> this, at some point, I want to be able to grant the user the ability
>> to replicate "B" as well as "A".
>
> You can do that with a webserver (such as nginx) as a proxy.
>
> Regards,
>
> --
> Mirsal Ennaime
> http://www.winux.fr
>

Re: Authorize Replication?

[Mirsal Ennaime <mi...@gmail.com>]

Hello,

On Sat, Oct 10, 2009 at 2:28 AM, Adam Venturella <av...@gmail.com> wrote:
> If I have 2 DBs: "A", and "B" on my server, and I want to replicate
> (have the local pull from the master) "A" to another server, I get how
> that works.  But what if only certain people are allowed to replicate
> "A", how would I arrange that?  For example, I do not want the same
> user to be able to replicate "B", only "A".  To add one more layer on
> this, at some point, I want to be able to grant the user the ability
> to replicate "B" as well as "A".

You can do that with a webserver (such as nginx) as a proxy.

Regards,

-- 
Mirsal Ennaime
http://www.winux.fr

Re: Authorize Replication?

[Aaron Quint <aa...@quirkey.com>]

One of the couch core guys can correct me if I'm wrong, but currently
there is no way to create database specific permissions soley with
configuration. I know there was talk of how to implement database and
even document level ACL/Auth schemes on the dev list recently, and I'm
pretty sure Jason Davies is working on it.

You can create a facsimile of certain types of
authorization/permissions by using the validate_doc_update design
document, though that doesn't really help your specific case.

--AQ


Aaron Quint
http://www.quirkey.com



On Fri, Oct 9, 2009 at 8:28 PM, Adam Venturella <av...@gmail.com> wrote:
> If I have 2 DBs: "A", and "B" on my server, and I want to replicate
> (have the local pull from the master) "A" to another server, I get how
> that works.  But what if only certain people are allowed to replicate
> "A", how would I arrange that?  For example, I do not want the same
> user to be able to replicate "B", only "A".  To add one more layer on
> this, at some point, I want to be able to grant the user the ability
> to replicate "B" as well as "A".
>
> Is there a replication permission that can be set in the ACL or
> another means to achieve this?
>