You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by cdr53x <cd...@free.fr> on 2010/11/05 14:27:39 UTC

Document security, restricting document viewers

Hello,

I'd like to know what is your advice on implementing a security system 
that would provide two simple roles for couch db documents :

  - document writer
  - document reader

The idea is of course to limit the access of a given doc and allow it 
only on certain users.

I know that the 'writer' role can be implemented using validation hooks, 
as explained in the docs, however there is not a clue on what 
could/should be done in order to protect the documents from being viewed.

Is there anything existing that could be used and that I missed in the 
docs ?

If not are there any advices on implementing such a feature ?

Of course, the idea is to be able to address large databases, ( ~ 1.2M 
docs ), with large views,  so there is no way an client side ( or server 
side ) application could cross check the right of each element returned 
by a view.

If anyone has any suggestion on this, I'd realy appreciate

Regards,

cdrx