That does help. When I (re) consider porting/fwd'ing/piping from Couch to Node back to Couch it seems clear:
Node.js (or other server/service) in front of Couch and end users have no direct access to Couch. Ever. End of story CouchDB authentication story. And that's OK. CouchDB is still a great DB product. You just have to roll your own auth proxy. Took me about a week of research to arrive there. On Sat, Jul 8, 2023 at 3:26 PM ermouth <[email protected]> wrote: > > The aim is to implement a least privilege model > > To achieve that with _rewrite you very likely still need at least a simple > proxy, which will redirect most or all inbound requests to a particular > _rewrite endpoint. This case R.Newson’s argument doesn’t stand, rewrite > becomes mandatory. > > As for creating DBs – that’s right, user can’t create DBs without being an > _admin. > > As for deprecation – about 80% of QS methods are deprecated, anyway they > are useful and there’s no reason not to use them. Porting _rewrite to > node.js is pretty straightforward if needed. > > Hope it helps. > > ermouth > -- Ronnie Royston (504) 460-1592
