On Fri, Aug 26, 2011 at 10:36 PM, Paul Davis <paul.joseph.da...@gmail.com> wrote: > Imagine you have a phone with a CouchDB. And your friend says, "Just > replicate this photo album." But he's inserted a _security doc that > gives him permission to touch your private data. If someone said the > obvious answer is "have a validate_doc_update function," I would > obviously slap that person.
That's why only a very special role could replicate it. I agree allowing it to replicate is very dangerous. > > Never in no way ever should it be remotely possible to unknowingly > change authorization settings because your db accidentally slurped up > a _security doc. > >>> >>> -- >>> Iris Couch >>> >> >> >> >> -- >> Filipe David Manana, >> fdman...@gmail.com, fdman...@apache.org >> >> "Reasonable men adapt themselves to the world. >> Unreasonable men adapt the world to themselves. >> That's why all progress depends on unreasonable men." >> > -- Filipe David Manana, fdman...@gmail.com, fdman...@apache.org "Reasonable men adapt themselves to the world. Unreasonable men adapt the world to themselves. That's why all progress depends on unreasonable men."
