On Aug 17, 2011, at 11:46 AM, Jean-Pierre Fiset wrote: > I think that the operations of replication and backing up are quite > different. Although some are using the replication features for backing up, I > tend to think of replication as an operation taking place between two nodes > that do not necessarily trust one another.
That's one possible use case for replication, but hardly the only one. Anyway, if you don't trust the replication then I certainly hope the replication doesn't use credentials that map to _admin powers on your database. If the replication doesn't have _admin powers it cannot bypass validation. > If what you are proposing is a special privilege given to the admin party, > then I do not have much of an issue with this, since administrators already > have intimate access to the server. However, the concept of creating a new > "replicator" role, which would supersede the validation functions is another > thing. Yes, I probably should have picked one approach and stuck with it. Either way, my intent was that a replicator could bypass validation only if an admin had given it credentials that mapped to a powerful role (possibly _admin), *and* if the admin had explicitly asked for the replicator to bypass validation. > In applications that must ensure that some document types have a given > structure, opening the door to a user (and here I assume a user that attempts > a replication from a different node, not a local administrator performing a > back up) to work around the validation function is probably a bad idea. That's not going to happen, unless you granted the user this really powerful role. Don't do that. > If the validation function could not be counted on, it would really affect > the way an application must be written. Understood, I'm certainly not asking for the replicator to bypass validations in general. Cheers, Adam
