CouchDB Authorization Guidance or Documentation?

Ronnie Royston

Jul 20, 2023, 4:46:04 PM
to us...@couchdb.apache.org
In terms of authorization, does anyone know of any documentation or
guidance out there for users / developers?

I have my authentication set up and working fine, but I am looking for best
practices around database authorization. Basics, e.g. implementing a least
privilege model, restricting access per document and/or document attachment,
is it good practice to build out one view per access profile/role? Best
Practices <https://docs.couchdb.org/en/stable/best-practices/index.html>
does not appear to address authorization concepts. All I can find is below.

1.1.5. Security and Validation
<https://docs.couchdb.org/en/stable/intro/overview.html#security-and-validation>

To protect who can read and update documents, CouchDB has a simple reader
access and update validation model that can be extended to implement custom
security models.

1.5.3. Authorization
<https://docs.couchdb.org/en/stable/intro/security.html#cookie-authentication>

Each database on a CouchDB server can contain its own set of authorization
rules that specify which users are allowed to read and write documents
members, who are allowed to read all documents and create and modify any
document

4.1.5. Adding client-side security with a translucent database
<https://docs.couchdb.org/en/stable/best-practices/documents.html#adding-client-side-security-with-a-translucent-database>

It is possible to use a modest amount of encryption and one-way functions
to obscure the sensitive columns or key-value pairs, a technique often
called a translucent database.
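
The "update validation model" and per-database authorization rules quoted in the post above, sketched as an added example (not part of the original message and not taken from the CouchDB documentation): a `validate_doc_update` function of the kind stored in a design document, enforcing owner-only writes. The `owner` field, the `editor` role, the `decide` helper and the sample security object are assumptions made for illustration. It governs writes only; read access is still decided by the database's members list.

```javascript
// Added example. validate_doc_update(newDoc, oldDoc, userCtx, secObj) is the
// signature CouchDB calls on every write; throwing {forbidden} or
// {unauthorized} rejects the update.
// Assumptions: documents carry an "owner" field; "editor" is a custom role.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
  var roles = userCtx.roles || [];
  var admins = (secObj && secObj.admins) || {};
  var isDbAdmin =
    (admins.names || []).indexOf(userCtx.name) !== -1 ||
    (admins.roles || []).some(function (r) { return roles.indexOf(r) !== -1; });
  // Server admins and database admins bypass the per-document rules.
  if (roles.indexOf('_admin') !== -1 || isDbAdmin) return;

  // Anonymous writers are asked to authenticate rather than simply refused.
  if (!userCtx.name) throw { unauthorized: 'Log in before writing.' };

  var isEditor = roles.indexOf('editor') !== -1;
  if (!oldDoc) {
    // Creation: a user may only create documents owned by themselves.
    if (newDoc.owner !== userCtx.name) {
      throw { forbidden: 'owner must be the creating user' };
    }
    return;
  }
  // Update or delete: only the owner or an editor may touch the document.
  if (oldDoc.owner !== userCtx.name && !isEditor) {
    throw { forbidden: 'only the owner or an editor may change this document' };
  }
  // Ownership cannot be reassigned (deletion stubs carry no owner field).
  if (!newDoc._deleted && newDoc.owner !== oldDoc.owner) {
    throw { forbidden: 'owner is immutable' };
  }
}

// Constructed sample of a database security object (names/roles are made up).
var SAMPLE_SEC = {
  admins: { names: ['dba'], roles: ['db_admin'] },
  members: { names: [], roles: ['staff'] }
};

// Local harness (hypothetical helper): returns 'ok' or the kind of rejection.
function decide(newDoc, oldDoc, userCtx, secObj) {
  try {
    validate_doc_update(newDoc, oldDoc, userCtx, secObj || SAMPLE_SEC);
    return 'ok';
  } catch (e) {
    return e.forbidden ? 'forbidden' : e.unauthorized ? 'unauthorized' : 'error';
  }
}
```
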