CouchDB - Figuring out database security

CouchDB offers validation prior to allowing an object/row to be inserted into the database. This makes sure that if you have a public facing couch application, your database won't be filled with junk by just anyone.

User <-> CouchDB

However, I'm trying to figure out what that looks like coming from the standard application design process where you have a trusted middle layer that does much of the auth work. For example, most apps place Ruby or PHP between the database and user agent which allows the application to figure out information about the user agent before allowing something like a post to be saved to the database.

User -> Ruby -> MySQL
User <- Ruby <- MySQL

How do you trust the user to do administrative tasks when the user can't be trusted?

For example, how would you do something like "email verification" prior to inserting a user row using just couchDB? You can't let the user agent insert the row - because they would fill the system with spam accounts. On the other hand, there is no middle layer either that can insert the row after they click the link in the email.

How about this: I would assume that you would allow anyone to enter their email by creating a new record in a public table like email_verify. This is something that a public user agent could do as the table would not do anything in the application - it would just be a holding tank.

Then node.js could track the _changes feed and send an activation email while creating a new entry in a private table (like email_confirm) (node.js would serve as a trusted middle layer). If the user clicks that link and comes back then... [unknown] ... and node.js could finally create a record in the private user table (user).

At this point we could then rely on couchdb validation for the rest of the application since we got a confirmed user account created.

As more background, let's imagine a discussion built on couchdb that anyone can register for. We don't want to allow just anyone to directly submit content without some kind of verification - yet the user agents all directly run the system. (Tables would be Thread, Comment, & User). How would this work?

Xeoncross asked Mar 28 '11 20:03


2 Answers

I would think about adding roles to existing users in this issue.

Using couchdb's validation and changing _design/_auth can be a good idea to add email, email_verified and randomly generated email_verification_code in _users database when the user first registers.

To send mail, get confirmation, resend confirmation you can use external processes. (for an example usage of external process you can check couchdb-lucene).

And at last you can again do a quick check in _design/_auth in user update process if verification code matches and add verified_user role for that user.

This way all your requests would pass over couchdb, you would use external process only when you need to send mail and get confirmation.

Edit: Forgot to add (since it was pretty obvious), I would add verified_user role to database readers.

frail answered Sep 30 '22 17:09


Couldn't you just make use of CouchDB's validation?

Users could be flagged. Upon registration, a User is added to the Users database. He gets his mail and then is flagged "valid:true" or something like this upon answering to that mail or clicking a link.

With validation users could not only be "logged in/out" but also access authorization can be implemented with more granular access rights. E.g.: Only mark threads solved if one is the author, admin, whatever...

Or does this seem impracticable?

chris polzer answered Sep 30 '22 17:09
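Both answers rely on a validate_doc_update function that checks the roles CouchDB hands it in userCtx. The following is an added example (not code from the question or either answer) of such a function for the Thread/Comment design in the question: writes require the verified_user role granted after email confirmation, the author field is pinned to the authenticated name, and marking a thread solved is reserved to its author or an admin. The field names (type, author, body, solved) and the moderator role are assumptions for illustration; in CouchDB the function is stored as a string under validate_doc_update in a design document.

```javascript
// Assumed roles: verified_user (granted after email confirmation),
// moderator (may edit/delete any post), _admin (CouchDB built-in).
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  const roles = (userCtx && userCtx.roles) || [];
  const has = (r) => roles.indexOf(r) !== -1;
  const isAdmin = has('_admin');
  const isMod = isAdmin || has('moderator');

  if (!userCtx || !userCtx.name) throw { unauthorized: 'login required' };
  // Unverified accounts may read but never write.
  if (!isAdmin && !has('verified_user')) throw { unauthorized: 'email not verified' };

  if (newDoc._deleted) {
    if (!oldDoc) throw { forbidden: 'nothing to delete' };
    if (!isMod && oldDoc.author !== userCtx.name) {
      throw { unauthorized: 'only the author or a moderator may delete' };
    }
    return;
  }
  if (newDoc.type !== 'Thread' && newDoc.type !== 'Comment') {
    throw { forbidden: 'type must be Thread or Comment' };
  }
  if (typeof newDoc.body !== 'string' || newDoc.body.trim() === '') {
    throw { forbidden: 'body is required' };
  }
  if (!oldDoc) {
    // The database, not the client, decides who the author is.
    if (newDoc.author !== userCtx.name) throw { forbidden: 'author must be the authenticated user' };
    return;
  }
  if (newDoc.type !== oldDoc.type || newDoc.author !== oldDoc.author) {
    throw { forbidden: 'type and author are immutable' };
  }
  if (!isMod && oldDoc.author !== userCtx.name) {
    throw { unauthorized: 'only the author or a moderator may edit' };
  }
  // Granular right: a moderator may fix a thread but not mark it solved.
  if (newDoc.type === 'Thread' && newDoc.solved === true && oldDoc.solved !== true &&
      !isAdmin && userCtx.name !== oldDoc.author) {
    throw { unauthorized: 'only the thread author may mark it solved' };
  }
}

// Helper for exercising the rule outside CouchDB: returns the error object
// CouchDB would reply with, or null when the write is accepted.
function checkUpdate(newDoc, oldDoc, userCtx) {
  try { validateDocUpdate(newDoc, oldDoc, userCtx); return null; }
  catch (e) { return e; }
}
```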