On Sun, Jan 24, 2010 at 12:21:25PM -0800, Chris Anderson wrote: > The problem with this approach is that validation is run during > replication as well, so any multi-doc data dependencies become > problematic in ad-hoc clusters.
But not every application makes sense as an ad-hoc cluster. In tight-knit clusters the databases trust each other and you want the data to be as coherent as possible, so you'd run replication as a user which has permit-everything rights in validate_doc_update. In these models you're more interested in validating the data once at its point of entry, not at every point of replication. It would be horrendous to have a document in instance 1 but not in instance 2, just because it was accepted initially according to some set of rules, but failed to replicate because the rules had changed in the mean time. This is especially true if the rules themselves are documents, and hence may be a bit stale. At worst you may accept an update which would be invalid if you had the most up-to-date rules, or reject one which would be valid, but the fact that you *did* accept or reject it should be consistent throughout the cluster.