Reputation: 18909
Securing couchdb and pouchdb replication
I am trying to get my head around security in couchdb replication. I am looking at using pouchdb locally on clients and have the clients sync with a central couchdb. Each client has a doc that only they should be able to sync bidirectionally. How do I ensure users can only sync their own documents, yet have shared documents replicated one-way from couchdb to clients?
Upvotes: 4
Views: 912
Answers (2)
Reputation: 161
You can use "pouchdb-authentication" (https://github.com/nolanlawson/pouchdb-authentication)to secure your connection and PouchDB itself to sync the data with a remote CouchDB server (https://pouchdb.com/api.html#sync).
Use a "_design" document in each database to restrict access in a users database.
Upvotes: 0
Reputation: 7938
One database per user is quite common for CouchDB. In that case, you can allow each user to only access his own database:
https://stackoverflow.com/a/11686674
If each user needs just one document, then each database contains just one doc!
Upvotes: 2
Related Questions
- When to use CouchDB over MongoDB and vice versa
- User registration for PouchDB/CouchDB/ with Electron
- Filtered Sync between CouchDB and PouchDB
- One pouchDB per user on the same device syncing with a single CouchDB
- Partial syncing in pouchdb / couchdb with a particular scenario
- PouchDB Admin view over multiple User PouchDBs
- Live synchronisation of multiple PouchDB client instances with CouchDB server
- How can I filter data during replication and give user only his own documents?
- Per document user access control for PouchDB / CouchDB
- Request for feedback: Couchdb setup with client replication (pouchdb) for multiple users/accounts