Should I make my CouchDB database server open?

I am new to CouchDB and trying to figure out how to use it correctly. I come from MongoDB, where I would always write a web layer and put it in front of Mongo so that I can allow users to access the data inside it, etc. In fact, that's how I have used all the databases for every website I've ever written. So, looking at Couch, I see that its own API is HTTP and that it has built-in features like OAuth support and other functions that tell me that maybe I would no longer have a code layer sitting in front of Couch, but write views and things instead and just give out Couch accounts to your users? I think in terms of the HTTP API for my site or that users will use my data. However, opening up Couch like that seems so strange to me. Is OAuth, in the sense of Couch, more important for remote access to software that I would write and run inside my own “officially”, or is it literally intended for end users?

I know that there can be things that can only be done with a code layer on top of CouchDB, for example, if you want other things related to the database to occur during API requests. Therefore, thinking in this direction, I think that I still need a code layer.

+6
2 answers

Choosing a dealer.

Nodejitsu has a great post on this topic here.

Without knowing the specifics of your application, I will take a broad approach...

Back end

If you want users to never see your database, reverse it. You can broadcast everything through something like node.js and present only what the user should see, and they will never know anything about the database. See "View Resources"

Front end

If you are not interested in data security, you can place the entire CouchDB application in the application; see CouchApp. This approach has the advantage of using a replication mechanism to control the publication of your site / data. The downside here is that you will almost certainly come across some technical limitations that will require moving CouchDB closer to the server.

Blend

Ask the application server to present the interface and the client to pull data from the database separately. This gives you maximum flexibility, but it can be a bag of grudges, because even with a good design, it can lead to problems with support and scalability.

My recommendation

Use CouchDB on the server. If you need mobile clients to synchronize, use a secondary database open for this purpose and selectively synchronize this data where necessary.

+3
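The back-end option from the answer above, sketched as an added example (not code from the answer or from CouchDB): the allowlist a Node.js gateway could apply before forwarding anything to the database. The database name `blog`, design document `public`, both view names and the field list are assumptions made for illustration.

```javascript
// Added example: allowlist policy for a gateway in front of CouchDB.
// Database "blog", design doc "public" and both view names are assumed.
const VIEW_BASE = '/blog/_design/public/_view/';
const PUBLIC_FIELDS = ['title', 'body', 'published_at'];
const SLUG = /^[a-z0-9-]{1,64}$/;

// Map a client request to the single CouchDB view query it may trigger.
// Returns null for anything outside the allowlist (caller answers 404).
function planUpstream(method, rawUrl) {
  if (method !== 'GET') return null;            // no writes reach CouchDB
  let url;
  try {
    url = new URL(rawUrl, 'http://gateway.invalid'); // also resolves ../
  } catch {
    return null;
  }
  const parts = url.pathname.split('/').filter(Boolean);
  if (parts[0] !== 'posts' || parts.length > 2) return null;

  const query = new URLSearchParams();
  if (parts.length === 1) {
    // Listing: only a bounded "limit" is forwarded; other params are dropped.
    const limit = Number.parseInt(url.searchParams.get('limit') ?? '10', 10);
    if (!Number.isInteger(limit) || limit < 1 || limit > 50) return null;
    query.set('limit', String(limit));
    query.set('descending', 'true');
    return `${VIEW_BASE}published?${query}`;
  }
  if (!SLUG.test(parts[1])) return null;
  query.set('key', JSON.stringify(parts[1]));   // CouchDB view keys are JSON
  query.set('limit', '1');
  return `${VIEW_BASE}by_slug?${query}`;
}

// Reduce a CouchDB view result to the fields clients are meant to see.
function shapeResponse(couchResult) {
  return couchResult.rows.map(({ value }) =>
    Object.fromEntries(PUBLIC_FIELDS.filter((f) => f in value).map((f) => [f, value[f]])));
}
```

The HTTP server around these two functions forwards the planned path to CouchDB on a loopback or private address, so the database port itself is never reachable by clients.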

Simply put, no.

There is no way to protect Couch properly on a public site. There is no way to discriminate against access at a competent enough level. If someone has access to any of the data, they have access to all the data.

Not all data on the site is intended for public consumption, with the exception of the most trivial sites.

+1