I'm trying to setup a CouchDB database that could be publicly writable and only readable by the "admin" role. How can I do this. Is there a similar validate_doc_update function for accessing a document ?
Asked
Active
Viewed 1,567 times
5
Maxime
- 2,048
- 1
- 27
- 38
-
I'd like to store logging/analytics data in the DB that shouldn't be shared with anyone else... too bad this capability is not available without an app server to handle the security element. – Dobes Vandermeer Sep 09 '11 at 11:44
2 Answers
1
Check out this page on the wiki, it provides an introduction to setting up read/write-level security on a database level.
As of CouchDB 1.1.0, it is not possible to have write access but not also read access to a database. What you can do is write to database A and then replicate that into database B, and only the admin can read database B.
JasonSmith
- 72,674
- 22
- 123
- 149
Dominic Barnes
- 28,083
- 8
- 65
- 90
-
I didn't find any way to do what I want in this document. The fact is when you affect a Reader user or Reader role to a database, the database becomes private (you need to be authenticated to write). – Maxime May 04 '11 at 13:28
-
Despite that this answer comes from my arch nemesis, I edited to recommend the most common workaround and +1 :) – JasonSmith Sep 02 '11 at 02:49
0
One possible workaround would be to "abuse" Apache for this (though not 100% secure):
You can use Apache to disallow GET from everyone except specific hosts which are the ones the admin uses... this way the users can write but can't read and the admin can read...
You could even have different URLs for admin (read+write) and users (write only) if you config Apache as reverse proxy...
Yahia
- 69,653
- 9
- 115
- 144