Securing couchdb and pouchdb replication

3
votes

I am trying to get my head around security in couchdb replication. I am looking at using pouchdb locally on clients and have the clients sync with a central couchdb. Each client has a doc that only they should be able to sync bidirectionally. How do I ensure users can only sync their own documents, yet have shared documents replicated one-way from couchdb to clients?

2
couchdbpouchdb
1) Setup user accounts and require authenticated users only 2) Add document_update_validation to check the userCtx's username matches a field in relevant document. This ensures that only the given user can update it - Samuel Goldenbaum

2 Answers

2
votes

One database per user is quite common for CouchDB. In that case, you can allow each user to only access his own database:

https://stackoverflow.com/a/11686674

If each user needs just one document, then each database contains just one doc!

0
votes

You can use "pouchdb-authentication" (https://github.com/nolanlawson/pouchdb-authentication)to secure your connection and PouchDB itself to sync the data with a remote CouchDB server (https://pouchdb.com/api.html#sync).

Use a "_design" document in each database to restrict access in a users database.