On Mar 5, 2009, at 12:44 PM, Adam Kocoloski wrote:
On Mar 4, 2009, at 3:24 PM, Damien Katz wrote:
The replication security branch is finally near completion, this
work is makes CouchDB enforces security during replication, to
allow CouchDB databases to be exposed directly to clients and
replicators.
svn co http://svn.apache.org/repos/asf/couchdb/branches/rep_security
This branch also has revision stemming work, but it doesn't
actually do the stemming yet. But that's simple to add later and
will still work with the same replication protocol.
This version removes all or nothing bulk updates w/ conflict
checking as it was the only way I could get everything else
working. However, it's still possible we'll add it back if needed.
I'm in favor of removing it all together for now and seeing if we
can live with it. Thoughts please.
I'd appreciate people testing it out. Also writing more JS tests
would be a big help too.
This branch right now is a month or so behind trunk, so recent
fixes/features are missing until I merge it to latest. Sorry.
-Damien
Hi Damien, at the end of security_validation.js, you have
// this is a legal edit
var foo2 = dbB.open("foo2");
foo2.value = "b";
dbB.save(foo2);
var results = CouchDB.replicate(B, A);
<snip>
// The edit to foo2 should have replicated.
T(dbA.open("foo2").value == "a");
I'm confused. If that was a legal edit, shouldn't the value of foo2
on dbA == "b"? I noticed a line in the log when I run this test
[info] [<0.121.0>] error replicating document "foo2" rev
"2-3418587803":{unauthorized, <<"You are not the author of this
document. You jerk.">>}
and I if I inspect the two DBs I see that the change did not
replicate. Hope it helps, Adam
Thanks Adam. I'm doing more testing and debugging today.
-Damien
