Hacker News new | ask | show | jobs
by Xophmeister 3242 days ago
Can you not write validation functions in design documents that handle the security (to a degree) for you? I seem to remember being able to do this in CouchDB 1.6 and, while it seemed like a pretty crude method, it was easier than managing an interposing proxy server.
1 comments
devrandomguy 3241 days ago
Can you fake a reasonably indistinguishable 404 response for content that exists, but should not be publicly discoverable?

In the validation function docs [1], there is an example of HTTP errors being thrown, I'm just not sure if there is something like a `throw({notFound: null})` option.

[1] http://guide.couchdb.org/draft/validation.html

link
Xophmeister 3239 days ago
The only validation function I've written contains this:

    throw({forbidden: 'Only administrators can write changes'});
IIRC, it raises either a 401 or 403 HTTP error.
link