You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Hendrik Jan van Meerveld <ha...@gmail.com> on 2010/11/09 22:45:32 UTC
Can I prevent replication of design documents?
Hi All,
I'm trying to move a website from Drupal to Couchdb.
For this I am wondering whether there is a way to prevent
website visitors from replicating the whole website to their
home computers.
Does anybody know of such an option? Does it work on the CouchOne
shared hosting?
Same goes for an application that the company where I work uses.
It would be great if it could be rewritten from its current
incarnation to a Couchdb application, but that's not an option
if the whole world can replicate the application.
Thanks for any help.
Re: Can I prevent replication of design documents?
Posted by Luciano Ramalho <lu...@ramalho.org>.
On Wed, Nov 10, 2010 at 1:01 PM, Benjamin Young <be...@couchone.com> wrote:
> If you have admin's setup on the db, the design docs (at least) won't
> replicate. Per the CouchDB Definitive Guide book:
> "Creating design documents is restricted to admins, and if the
> replication is triggered without admin credentials, writing the design
> documents during replication will fail and be recorded as
> doc_write_failures."
I believe this refers to having admin credentials in the replication
*target* not in the *source*, so it does not address Hendrik's
concern, as I understand it.
> Additionally, you could use the proxy option that Randall mentioned.
> There's also the _rewrite handler + a vhost for the public web site
> domain. You could then optionally make the "raw" CouchDB API available
> (if you'd like) on a different port or domain.
This seems to be the way to go.
The question raised by Hendrik is a crucial one, and is probably in
the minds of many people who are afraid to commit to CouchDB because
of this, so it would be great if the issue was addressed
authoritatively and the question put into a FAQ.
--
Luciano Ramalho
programador repentista || stand-up programmer
Twitter: @luciano
Re: Can I prevent replication of design documents?
Posted by Hendrik Jan van Meerveld <ha...@gmail.com>.
Hi Randall and Benjamin,
You are being really helpfull, thanks for taking the time to answer.
The information that Couch does not replicate design documents for
non-admins makes my day.
I'll do some playing with the rewrite as well to see how that works,
and the reverse proxy will probably be usefull for my companies
application.
Kind regards,
Hendrik Jan
On 10 November 2010 16:01, Benjamin Young <be...@couchone.com> wrote:
> Hey Hendrik,
>
> If you have admin's setup on the db, the design docs (at least) won't
> replicate. Per the CouchDB Definitive Guide book:
> "Creating design documents is restricted to admins, and if the
> replication is triggered without admin credentials, writing the design
> documents during replication will fail and be recorded as
> doc_write_failures."
>
> Additionally, you could use the proxy option that Randall mentioned.
> There's also the _rewrite handler + a vhost for the public web site
> domain. You could then optionally make the "raw" CouchDB API available
> (if you'd like) on a different port or domain.
>
> Hope that helps.
>
> On Tue, Nov 9, 2010 at 5:09 PM, Randall Leeds <ra...@gmail.com> wrote:
>>
>> You can't restrict read access to the design document using
>> permissions because then I think your application would not be able to
>> access views, shows, lists, updates, etc.
>>
>> However, you could perhaps restrict network access to these resources
>> explicitly. Put a reverse proxy in front of your couch that forbids
>> access to everything under /db/_design/app* except
>> /db/_design/app/_(show|list|view|update)*. This way, the user context
>> for CouchDB within which your visitors access the views and lists will
>> still have access to the design document (you have not changed the
>> document permissions), but external attempts to fetch the code itself
>> will be blocked. Just be careful that none of your other code (such as
>> a show function) can be used to format and display the design document
>> itself.
>>
>> This might work, but I haven't thought about it longer than a minute.
>> Let me know what you find if you investigate.
>>
>> On Tue, Nov 9, 2010 at 13:45, Hendrik Jan van Meerveld <ha...@gmail.com> wrote:
>> > Hi All,
>> >
>> > I'm trying to move a website from Drupal to Couchdb.
>> > For this I am wondering whether there is a way to prevent
>> > website visitors from replicating the whole website to their
>> > home computers.
>> > Does anybody know of such an option? Does it work on the CouchOne
>> > shared hosting?
>> >
>> > Same goes for an application that the company where I work uses.
>> > It would be great if it could be rewritten from its current
>> > incarnation to a Couchdb application, but that's not an option
>> > if the whole world can replicate the application.
>> >
>> > Thanks for any help.
>> >
>
Re: Can I prevent replication of design documents?
Posted by Benjamin Young <be...@couchone.com>.
Hey Hendrik,
If you have admin's setup on the db, the design docs (at least) won't
replicate. Per the CouchDB Definitive Guide book:
"Creating design documents is restricted to admins, and if the
replication is triggered without admin credentials, writing the design
documents during replication will fail and be recorded as
doc_write_failures."
Additionally, you could use the proxy option that Randall mentioned.
There's also the _rewrite handler + a vhost for the public web site
domain. You could then optionally make the "raw" CouchDB API available
(if you'd like) on a different port or domain.
Hope that helps.
On Tue, Nov 9, 2010 at 5:09 PM, Randall Leeds <ra...@gmail.com> wrote:
>
> You can't restrict read access to the design document using
> permissions because then I think your application would not be able to
> access views, shows, lists, updates, etc.
>
> However, you could perhaps restrict network access to these resources
> explicitly. Put a reverse proxy in front of your couch that forbids
> access to everything under /db/_design/app* except
> /db/_design/app/_(show|list|view|update)*. This way, the user context
> for CouchDB within which your visitors access the views and lists will
> still have access to the design document (you have not changed the
> document permissions), but external attempts to fetch the code itself
> will be blocked. Just be careful that none of your other code (such as
> a show function) can be used to format and display the design document
> itself.
>
> This might work, but I haven't thought about it longer than a minute.
> Let me know what you find if you investigate.
>
> On Tue, Nov 9, 2010 at 13:45, Hendrik Jan van Meerveld <ha...@gmail.com> wrote:
> > Hi All,
> >
> > I'm trying to move a website from Drupal to Couchdb.
> > For this I am wondering whether there is a way to prevent
> > website visitors from replicating the whole website to their
> > home computers.
> > Does anybody know of such an option? Does it work on the CouchOne
> > shared hosting?
> >
> > Same goes for an application that the company where I work uses.
> > It would be great if it could be rewritten from its current
> > incarnation to a Couchdb application, but that's not an option
> > if the whole world can replicate the application.
> >
> > Thanks for any help.
> >
Re: Can I prevent replication of design documents?
Posted by Randall Leeds <ra...@gmail.com>.
You can't restrict read access to the design document using
permissions because then I think your application would not be able to
access views, shows, lists, updates, etc.
However, you could perhaps restrict network access to these resources
explicitly. Put a reverse proxy in front of your couch that forbids
access to everything under /db/_design/app* except
/db/_design/app/_(show|list|view|update)*. This way, the user context
for CouchDB within which your visitors access the views and lists will
still have access to the design document (you have not changed the
document permissions), but external attempts to fetch the code itself
will be blocked. Just be careful that none of your other code (such as
a show function) can be used to format and display the design document
itself.
This might work, but I haven't thought about it longer than a minute.
Let me know what you find if you investigate.
On Tue, Nov 9, 2010 at 13:45, Hendrik Jan van Meerveld <ha...@gmail.com> wrote:
> Hi All,
>
> I'm trying to move a website from Drupal to Couchdb.
> For this I am wondering whether there is a way to prevent
> website visitors from replicating the whole website to their
> home computers.
> Does anybody know of such an option? Does it work on the CouchOne
> shared hosting?
>
> Same goes for an application that the company where I work uses.
> It would be great if it could be rewritten from its current
> incarnation to a Couchdb application, but that's not an option
> if the whole world can replicate the application.
>
> Thanks for any help.
>