Hello,
I'd like to know what is your advice on implementing a security system
that would provide two simple roles for couch db documents :
- document writer
- document reader
The idea is of course to limit the access of a given doc and allow it
only on certain users.
I know that the 'writer' role can be implemented using validation hooks,
as explained in the docs, however there is not a clue on what
could/should be done in order to protect the documents from being viewed.
Is there anything existing that could be used and that I missed in the
docs ?
If not are there any advices on implementing such a feature ?
Of course, the idea is to be able to address large databases, ( ~ 1.2M
docs ), with large views, so there is no way an client side ( or server
side ) application could cross check the right of each element returned
by a view.
If anyone has any suggestion on this, I'd realy appreciate
Regards,
cdrx
