CouchDB read authorization

On the CouchDB website -> technical overview -> security and validation - http://couchdb.apache.org/docs/overview.html - it says (in the reader access part): "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protected documents are only viewable by listed users." I searched for how to use it but I found nothing. So is it actually used, and if it is, how?

Thanks.

-- Mustafa


You are right, it is confusing. Please see the 0.11 "breaking" changes for more information.

Per-document read control is not possible; the readers field is for access to the entire DB. For more information, load your database in Futon and click the Security... link at the top.

The reason read control is not possible is because views (map and reduce) can draw information from all documents in the database, so it is generally impossible to prevent users from seeing private data in some form.

For detailed access control, you have two major choices:

  1. Have an application between your users and the DB. 99% of web applications using MySQL do this already (e.g. Ruby on Rails). Keep ACL information in the DB and your application grants/rejects access based on the ACL.
  2. Keep a dedicated database per user. You may have to modify your architecture but maybe not. You can use replication with a filter to copy only a user's data into his database. Then he reads from his database and writes to the central database.


  1. Log in to CouchDB as admin.
  2. Open the particular database you want to secure.
  3. Click on the Security button of that particular database.
  4. Add the users who can read to Members names (at least add the admin's username), as string elements of an array.
    Ex. Names: ["username1", "username2"]
  5. Click on the Update button.
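
The two approaches in the answers above (a filtered replication into a per-user database, and a Members names list on that database) can be combined as below; this is an added example, not code from either answer. The `owner` field, the database names `central` and `userdb-<name>`, and the design document `_design/acl` are assumptions made for illustration.

```javascript
// Added example. Assumed: every document carries an "owner" string; the names
// "central", "userdb-<name>" and "_design/acl" are hypothetical.

// Replication filter: CouchDB calls it once per changed document in the source.
// req.query holds the query_params sent with the replication request.
const byOwner = function (doc, req) {
  if (doc._id.indexOf("_design/") === 0) return false; // never copy design docs
  return typeof doc.owner === "string" && doc.owner === req.query.owner;
};

// Design document to save in the central database (functions are stored as strings).
function designDoc() {
  return { _id: "_design/acl", filters: { by_owner: byOwner.toString() } };
}

// Body for POST /_replicate: copy only this user's documents into their database.
function replicationRequest(user) {
  return {
    source: "central",
    target: "userdb-" + user,
    filter: "acl/by_owner",
    query_params: { owner: user }
  };
}

// Body for PUT /userdb-<name>/_security: the user is the only listed member,
// which is what the Security dialog's "Members names" field edits.
function securityObject(user) {
  return { admins: { names: [], roles: [] }, members: { names: [user], roles: [] } };
}

// Offline check: which document ids would the filter pass for a given user?
function idsReplicatedTo(user, docs) {
  const req = { query: replicationRequest(user).query_params };
  return docs.filter(function (d) { return byOwner(d, req); })
             .map(function (d) { return d._id; });
}

// Constructed sample documents, including cases the filter must reject.
const sampleDocs = [
  { _id: "note-1", owner: "alice", text: "a" },
  { _id: "note-2", owner: "bob", text: "b" },
  { _id: "note-3", text: "no owner field" },
  { _id: "note-4", owner: ["alice", "bob"] },  // wrong type: rejected
  { _id: "_design/acl", owner: "alice" },      // design doc: rejected
  { _id: "note-5", _deleted: true }            // tombstone from a plain DELETE: no owner left
];

console.log(idsReplicatedTo("alice", sampleDocs));
```

Because a plain DELETE leaves a tombstone without the `owner` field, this filter does not carry deletions into the user's database; an application that needs them to propagate has to keep `owner` on the deleted revision.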
