I need to sync server data from CouchDB and PouchDB on the client side. Every user has his own data. When he is online this data is being updated. How can I filter data during replication and give the user only his own documents? This is a security issue for me.
Having a separate DB for each user is fine until you start having lots of users (thousands), because each user will need to have its own file for its database in the filesystem. This in my experience creates problems with resources at the operating system level and makes CouchDB unstable. Problems will be even worse if you want to do sharding and use BigCouch, because sharding creates several file copies.
An alternative is Couchbase Sync Gateway (http://docs.couchbase.com/sync-gateway/). It uses the same CouchDB API, but you'll need to use Couchbase as the server-side DB instead of CouchDB for that.
Another alternative is to use CouchDB together with filtered replication and different DB users for each user. This might not be enough, because with filtered replication you can't avoid someone accessing the DB directly. So you would need to couple this with a reverse proxy solution like HAProxy to make sure each user accesses only its own filtered data.
Currently the best practice for doing private user data in PouchDB/CouchDB is to give each user their own database on the server side. I have some instructions here for how to do this.
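The two approaches discussed in the answers above, side by side, as an added example that is not code from any of the posters: a replication filter keyed on the authenticated session, and a per-user database locked down with a `_security` object. The `owner` field, the `_design/app` document and the `by_owner` filter name are assumptions; the database name follows the `userdb-` plus hex-encoded username convention used by CouchDB's couch_peruser feature.

```javascript
// Added example: per-user isolation for CouchDB/PouchDB sync.
// Assumption: every document carries an `owner` field holding the username.

// Filter as it would be stored in a design document (filters.by_owner).
// It keys on req.userCtx (the authenticated session), never on req.query,
// because query parameters are chosen by the client.
function byOwner(doc, req) {
  if (doc._id.indexOf('_design/') === 0) return false; // never ship design docs
  return !!req.userCtx.name && doc.owner === req.userCtx.name;
}

const designDoc = {
  _id: '_design/app', // hypothetical design document name
  filters: { by_owner: byOwner.toString() } // CouchDB stores functions as strings
};

// Simulate which documents a filtered replication would send to one user.
function replicatedIds(docs, username) {
  const req = { userCtx: { name: username, roles: [] }, query: {} };
  return docs.filter(d => byOwner(d, req)).map(d => d._id);
}

// Database-per-user: "userdb-" + hex of the username ...
function userDbName(username) {
  return 'userdb-' + Buffer.from(username, 'utf8').toString('hex');
}

// ... plus a _security object so only that user is a member of the database.
function securityDoc(username) {
  return {
    admins: { names: [], roles: [] },
    members: { names: [username], roles: [] }
  };
}

// Constructed sample data.
const sampleDocs = [
  { _id: 'note-1', owner: 'alice', text: 'a' },
  { _id: 'note-2', owner: 'bob', text: 'b' },
  { _id: 'note-3', text: 'no owner' },
  { _id: '_design/app' }
];

console.log(replicatedIds(sampleDocs, 'alice'));
console.log(userDbName('alice'), JSON.stringify(securityDoc('alice')));
```

The filter only shapes what replication sends; a direct read of a shared database is not affected by it, whereas the `_security` object is enforced by CouchDB on every request to that database.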