You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Ivan Stoyanov <iv...@kinvey.com> on 2011/05/18 06:21:43 UTC
_security and replication
Hi,
How is the security object supposed to work with replication? Right
now if I have a protected database and _replicate it on another
instance, it is left wide open.
Thanks,
Ivan
Re: _security and replication
Posted by Ivan Stoyanov <iv...@kinvey.com>.
Yes, I had tried some automanual solutions, like a cron which dumps
the source _security object into the destination object, but they have
issues:
1) Not being under MVCC makes it really hard to use in a real two-way
replication scheme where changes to access control are possible in
either place.
2) If you create a brand new DB with protected data, and it gets
replicated, your second copy is unprotected until the _security cron
kicks in, which, depending on you definition, can be thought of as a
security hole.
Ivan
On Wed, May 18, 2011 at 1:48 AM, Mark Hahn <ma...@boutiquing.com> wrote:
> The docs say "security objects are not regular versioned documents
> (that is, they are not under MVCC rules)". So I have assumed they
> don't replicate since replication depends on versioning. I guess you
> need to manually set up the object on each instance of the db.
>
> On Tue, May 17, 2011 at 9:21 PM, Ivan Stoyanov <iv...@kinvey.com> wrote:
>> Hi,
>>
>> How is the security object supposed to work with replication? Right
>> now if I have a protected database and _replicate it on another
>> instance, it is left wide open.
>>
>> Thanks,
>> Ivan
>>
>
>
>
> --
> Mark Hahn
> Website Manager
> mark@boutiquing.com
> 949-229-1012
>
Re: _security and replication
Posted by Mark Hahn <ma...@boutiquing.com>.
The docs say "security objects are not regular versioned documents
(that is, they are not under MVCC rules)". So I have assumed they
don't replicate since replication depends on versioning. I guess you
need to manually set up the object on each instance of the db.
On Tue, May 17, 2011 at 9:21 PM, Ivan Stoyanov <iv...@kinvey.com> wrote:
> Hi,
>
> How is the security object supposed to work with replication? Right
> now if I have a protected database and _replicate it on another
> instance, it is left wide open.
>
> Thanks,
> Ivan
>
--
Mark Hahn
Website Manager
mark@boutiquing.com
949-229-1012