Reputation: 43
CouchDb - Prevent couchDb from delivering a view
I made a list to filter view result because of security issues. The list filters a defined view in the database according to the user session attributes. Thats exactly what I wanted.
Example Uri: http://localhost:5984/hrtool/_design/hrtool/_list/candidates/candidates
But there's still one problem: By guessing the couch Rest api, someone can get the complete view: Example: http://localhost:5984/hrtool/_design/hrtool/_view/candidates/
Is there a posibility to prevent such calls on the view?
Thanks in advance fadh
Upvotes: 2
Views: 92
Answers (1)
Reputation: 4631
Read access to couchdb is per-database, not per-view, so, no, you won't be able to prevent users with read access to the database from reading the entire view.
You could make a db per user, where each database contains only the data that should be visible to that user, instead.
Upvotes: 3
Related Questions
- CouchDB how to exclude documents from View
- Views in Couchbase
- Couchbase Indexing Views too frequently
- Loading a CouchDB View Index
- Couchbase views query
- Creating temporary view in couchdb using node-couchdb-api
- Trouble with views in CouchDB
- couchdb view not responding as expected
- couchdb query map view and not reduce view
- Using Views in couchDB