I am trying to get my head around security in CouchDB replication. I am looking at using PouchDB locally on clients and have the clients sync with a central CouchDB. Each client has a doc that only they should be able to sync bidirectionally. How do I ensure users can only sync their own documents, yet have shared documents replicated one-way from CouchDB to clients?
4
1) Set up user accounts and require authenticated users only. 2) Add document_update_validation to check that the userCtx's username matches a field in the relevant document. This ensures that only the given user can update it. – Samuel Goldenbaum Apr 04 '16 at 20:50
2 Answers
2
One database per user is quite common for CouchDB. In that case, you can allow each user to only access his own database:
https://stackoverflow.com/a/11686674
If each user needs just one document, then each database contains just one doc!

Megidd
0
You can use "pouchdb-authentication" (https://github.com/nolanlawson/pouchdb-authentication) to secure your connection and PouchDB itself to sync the data with a remote CouchDB server (https://pouchdb.com/api.html#sync).
Use a "_design" document in each database to restrict access in a users database.

Bill Stephenson
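An added example (not part of the original posts) of the write check that the comment and the last answer describe: a validation function stored in a design document, which lets a user write only documents naming them as owner and leaves shared documents writable by server admins only. The `owner` and `type` fields and the design document name are assumptions; CouchDB's name for the design-document field is `validate_doc_update`.

```javascript
// Added example. Assumed document shape (not from the page):
//   per-user docs: { type: 'userdata', owner: '<username>', ... }
//   shared docs:   { type: 'shared', ... }  written only by server admins
var validateDocUpdate = function (newDoc, oldDoc, userCtx, secObj) {
  // Server admins maintain shared documents and may write anything.
  if (userCtx.roles.indexOf('_admin') !== -1) { return; }
  if (!userCtx.name) { throw { unauthorized: 'Authentication required.' }; }

  // Judge updates and deletions by the stored revision, so a client cannot
  // take over a document by sending a new "owner" or "type" value.
  var stored = oldDoc || newDoc;
  if (stored.type === 'shared' || newDoc.type === 'shared') {
    throw { forbidden: 'Shared documents are read-only for clients.' };
  }
  if (stored.owner !== userCtx.name) {
    throw { forbidden: 'You may only write your own documents.' };
  }
  // Deletion stubs pushed by a replicating client carry no owner field.
  if (!newDoc._deleted && newDoc.owner !== userCtx.name) {
    throw { forbidden: 'The owner field cannot be changed.' };
  }
};

// CouchDB stores the function as source text inside a design document.
var designDoc = {
  _id: '_design/ownership', // hypothetical design document name
  validate_doc_update: validateDocUpdate.toString()
};

// Local harness: returns 'allowed', 'forbidden' or 'unauthorized'.
function verdict(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx, {});
    return 'allowed';
  } catch (e) {
    return e.forbidden ? 'forbidden' : 'unauthorized';
  }
}

// Constructed sample user and documents.
var alice = { name: 'alice', roles: [] };
var aliceDoc = { _id: 'u:alice', type: 'userdata', owner: 'alice' };
var bobDoc = { _id: 'u:bob', type: 'userdata', owner: 'bob' };
console.log(verdict(aliceDoc, aliceDoc, alice));
console.log(verdict({ _id: 'u:bob', type: 'userdata', owner: 'alice' }, bobDoc, alice));
```

This check governs writes only: CouchDB does not restrict reads per document, so any user allowed to read a database can still pull every document in it, which is why the one-database-per-user layout is used for private data.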