I'd like people to be able to share documents privately, using a link with a random id, like I get after posting a private link to a pastebin. I want to know both for CouchDB a
With Apache CouchDB, read permission is per-database, not per-document. If a user can fetch a document from a database, the user can fetch _all_docs?include_docs=true too.
I wrote details in this question about CouchDB read authorization.
There are a few approaches:
Layer-7 firewall or reverse HTTP proxy. This is hard to do correctly; IMO not feasible for most. You must be very familiar with CouchDB's API to be sure every possible query is blocked (e.g. _rewrite going around your filter).
One database per user. This is CouchDB's native solution. Creating databases is very cheap. Then, replicate the documents the user can see to his or her database. The user needs a password on the Couch, or an OAuth account.
I have had success recently with per-user databases but also a unique key in the URL that grants them immediate access. It feels like the thing you want; however, under the hood I am just creating throwaway accounts with random passwords. The link goes to a public page such as www.example.com/pastebin/index.html?doc_id=some_docid&secret=random_secret. Then JavaScript on the browser will read window.location and insert that password into the AJAX query (in an Authorization header). Couch grants permission and the user is happy. Unfortunately, this required a little bit of trial and error; however, it's mostly simple web programming.
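A sketch of the browser side of the scheme described in the answer above, added here as an example and not part of the original answer. The CouchDB origin, the "share-<doc_id>" account and database naming, and all function names are assumptions; the sample link used with it is constructed.

```javascript
// Added example. Assumed convention (not from the answer): each throwaway
// CouchDB account is named "share-<doc_id>", owns a database of the same
// name, and has the link's random secret as its password.
const COUCH_BASE = "https://couch.example.com"; // hypothetical CouchDB origin (needs CORS, or serve it same-origin)

// Base64 helper that works in browsers and in Node.
function toBase64(s) {
  return typeof btoa === "function" ? btoa(s) : Buffer.from(s, "latin1").toString("base64");
}

// Pull doc_id and secret out of the share link and validate them strictly,
// so neither value can change the request path (e.g. "../_all_docs") or the header.
function parseShareLink(href) {
  const params = new URL(href).searchParams;
  const docId = params.get("doc_id");
  const secret = params.get("secret");
  if (!docId || !/^[a-z0-9_-]{1,64}$/.test(docId)) throw new Error("bad doc_id");
  if (!secret || !/^[A-Za-z0-9_-]{16,128}$/.test(secret)) throw new Error("bad secret");
  return { docId, secret };
}

// Build the request for the one document in the per-link database,
// authenticating as the throwaway account via HTTP Basic auth.
function buildCouchRequest({ docId, secret }) {
  const user = "share-" + docId;
  return {
    url: `${COUCH_BASE}/${encodeURIComponent(user)}/${encodeURIComponent(docId)}`,
    options: {
      headers: {
        Authorization: "Basic " + toBase64(user + ":" + secret),
        Accept: "application/json",
      },
    },
  };
}

// Browser entry point: read window.location, fetch the document.
async function loadSharedDoc(href = window.location.href) {
  const link = parseShareLink(href);
  // Remove the secret from the address bar so it does not linger in
  // history entries or leak through Referer headers on later navigation.
  if (typeof history !== "undefined") history.replaceState(null, "", location.pathname);
  const { url, options } = buildCouchRequest(link);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error("CouchDB refused the request: " + res.status);
  return res.json();
}
```

Because the account can read only its own database, a request for _all_docs with these credentials returns nothing beyond what was replicated into that database.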