Re: Disable purge? Also, hide all docs?

[jumbo jim <ju...@gmail.com>]

Ok so I can't disable purge..

If a user did purge... would that then replicate and delete all documents
from other servers it is replicating to?


On Wed, Dec 31, 2014 at 8:34 PM, Alexander Shorin <kx...@gmail.com> wrote:

> On Wed, Dec 31, 2014 at 9:16 AM, jumbo jim <ju...@gmail.com> wrote:
> >> The easiest way is indeed to put CouchDB behind a proxy, but for
> >> _all_docs you can just remove this http endpoint from config by adding
> >> the following in your local.ini
> >>
> >
> >
> > Thanks Alexander.
> >
> > Is it possible to remove _replicate in the same manner? It occurred to me
> > that the user could simply replicate all documents out to his own
> database
> > also. Don't need to be an admin for replication.
> >
> > If not, I suppose the proxy route I will have to go.
>
> You can remove _replicate, but it won't prevent users to replicate
> their documents since replication happens not by magic, but because of
> using public CouchDB HTTP API. You'll actually be forces to disable
> access to the document in database at all for everyone. I would
> recommend you to revisit your authorization policy and, since you
> seems not happy with exposing CouchDB as is to the world, application
> architecture, because you eventually going to have some functional
> middleware in front of CouchDB.
>
> --
> ,,,^..^,,,
>