security - Can local documents be disabled in CouchDB?


Local documents differ from ordinary CouchDB documents in that they are not replicated, do not show up in views (including _all_docs), and are not subject to validation functions. They can be accessed using the document ID, which has to be known for retrieval. See http://docs.couchdb.org/en/1.3.x/api/local.html for details.

A malicious user could abuse this feature in a public-facing CouchDB to store arbitrary data on the server. The funny thing is that the database or server admin cannot see these documents in any other way than by viewing the log files.

So I wonder if there is an option to disable local documents in CouchDB?

No, there isn't a way to do that, sorry. Your comments are correct though, and this could be improved in CouchDB to avoid the problem. Feel free to file a bug at https://issues.apache.org/jira/browse/couchdb and people can consider it, or explain why it's not practical.

On the other hand, more practically, giving someone write access to a database requires a level of trust that they'll not be malicious or hugely defective. Yes, they could sneakily create local documents, but equivalently they could delete documents in the database, or fill it with other normal documents and crash the server, and you'd still have to go through and individually delete them (even bulk delete requires you to list every document ID), or delete the whole DB.

If a database client isn't trustworthy to that level, you should not give them direct access to the database. In that case, you should instead put a service between them and CouchDB (i.e. a website with fixed forms and whatnot) that manages these interactions to control this sort of thing.
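
One way to write the check such an intermediary service would run before forwarding a request to CouchDB, as an added example that is not part of the original question or answer. The database name, document ID pattern and form fields are assumptions made for illustration; because only `/<db>/<docid>` with a plain ID is allowed, `_local/...`, `_bulk_docs` and every other underscore-prefixed path are rejected by default.

```python
import json
import re
from urllib.parse import unquote, urlsplit

DB = "guestbook"                                 # hypothetical database name
DOC_ID = re.compile(r"[a-z0-9][a-z0-9-]{0,63}")  # IDs can never start with "_"
FIELDS = {"author": 80, "message": 2000}         # hypothetical form: field -> max length


def check(method, raw_target, body=b""):
    """Return (allowed, reason) for one client request before it is forwarded."""
    path = urlsplit(raw_target).path
    # Decode each segment once, so "_local%2Fx" is judged as the ID "_local/x".
    parts = [unquote(p) for p in path.split("/") if p]
    if len(parts) != 2 or parts[0] != DB:
        return False, "only /<db>/<docid> is exposed"
    if not DOC_ID.fullmatch(parts[1]):
        return False, "document ID not allowed"
    if method == "GET":
        return True, "read"
    if method != "PUT":
        return False, "method not allowed"
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "body is not JSON"
    # Fixed form: nothing but the known fields (plus _rev for updates).
    if not isinstance(doc, dict) or set(doc) - set(FIELDS) - {"_rev"}:
        return False, "unexpected fields"
    for name, limit in FIELDS.items():
        if not isinstance(doc.get(name), str) or len(doc[name]) > limit:
            return False, f"bad field {name}"
    return True, "write"


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    entry = b'{"author": "ann", "message": "hello"}'
    for method, target, body in [
        ("GET", "/guestbook/entry-1", b""),
        ("PUT", "/guestbook/entry-2", entry),
        ("PUT", "/guestbook/_local/stash", entry),
        ("PUT", "/guestbook/_local%2Fstash", entry),
        ("POST", "/guestbook/_bulk_docs", b'{"docs": []}'),
    ]:
        print(method, target, check(method, target, body))
```

CouchDB itself should then accept connections only from this service, so the check cannot be bypassed.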

