On Mar 4, 2009, at 3:24 PM, Damien Katz wrote:
The replication security branch is finally near completion. This
work makes CouchDB enforce security during replication, to allow
CouchDB databases to be exposed directly to clients and replicators.

svn co http://svn.apache.org/repos/asf/couchdb/branches/rep_security

This branch also has revision stemming work, but it doesn't actually
do the stemming yet. But that's simple to add later and will still
work with the same replication protocol.

This version removes all or nothing bulk updates w/ conflict
checking as it was the only way I could get everything else working.
However, it's still possible we'll add it back if needed. I'm in
favor of removing it altogether for now and seeing if we can live
with it. Thoughts please.

I'd appreciate people testing it out. Also writing more JS tests
would be a big help too.

This branch right now is a month or so behind trunk, so recent fixes/
features are missing until I merge it to latest. Sorry.
-Damien

Hi Damien, at the end of security_validation.js, you have

// this is a legal edit
var foo2 = dbB.open("foo2");
foo2.value = "b";
dbB.save(foo2);
var results = CouchDB.replicate(B, A);
<snip>
// The edit to foo2 should have replicated.
T(dbA.open("foo2").value == "a");

I'm confused. If that was a legal edit, shouldn't the value of foo2
on dbA == "b"? I noticed a line in the log when I run this test

[info] [<0.121.0>] error replicating document "foo2" rev
"2-3418587803":{unauthorized, <<"You are not the author of this
document. You jerk.">>}

and if I inspect the two DBs I see that the change did not
replicate. Hope it helps, Adam