I am using BigCouch which is a very good implementation of scalable CouchDB cluster. But it has a small problem - it doesn't support CouchDB 1.0-style Security features very well. So it must stay in the Admin Party mode.
What are the options to secure a CouchDB instance in the Admin Party mode. Each开发者_如何学JAVA user should have their own database and they are allowed to CRUD non-design docs, query views but not allowed to CRUD design docs, do compactions and other stuff, just like a reader in CouchDB Security
Is it possible to enable this kind of security outside CouchDB. With a web proxy or a messaging system, perhaps?
Thanx a lot
Yeah, I think your best bet would be to put a proxy in front of BigCouch and enforce your security rules in the proxy.
You might be able do this by using Apache or nginx as the front-end proxy and writing rewrite rules to forward or reject requests depending on the username, I'm not sure.
However, I'd think it'd be more effective and straightforward, and easier to implement and manage, to implement the proxy with code.
My team has had success implementing a HTTP proxy with custom logic on Node.js. There's a solid library named node-http-proxy, and this post has some good sample code showing how to implement a simple proxy from scratch and add custom logic.
HTH!
精彩评论