This repository has been archived by the owner on Jan 15, 2021. It is now read-only.
This spec will define how we control access to all of Express-PouchDB's endpoints as well as our own endpoints and decide who can make requests and who cannot.
We also have to protect _local so that remote requesters can only see entries they created. We almost certainly have to put in some kind of key protection to make sure that IDs can't collide as this could be used to cause malicious behavior.
Note that with the exception of _local we only support GET and sometimes POST on a few endpoints needed for pull replication. For _local we have to allow writes both to the magic ID that PouchDB will create on its own (and somehow prevent collisions so bad guys can't screw things up for other folks) but we also need to allow writes for our own magic _local value.
We also need to make sure that we can associate an authenticated ID via PSK with a particular native level connection. Trust is still at the TCP layer but this does help the peer pool implementation when it has to pick a connection to kill.
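One way to express the access rules described above, as an added example that is not part of the original issue or the project's code: an allowlist decision function that permits only read-style replication requests and rewrites every _local ID into a namespace derived from the authenticated peer identity, so two peers using the same ID cannot collide or read each other's entries. The endpoint list (taken from the CouchDB replication protocol), the `authorize` and `localKey` names, the `peerId` parameter, and the `/db/...` path layout are assumptions.

```javascript
'use strict';
const crypto = require('crypto');

// Assumed allowlist of "_" endpoints a pull replication reads from; the issue
// does not enumerate them. A Map avoids prototype keys such as "__proto__"
// resolving to an inherited value.
const DB_ENDPOINTS = new Map([
  ['_changes', ['GET', 'POST']],
  ['_all_docs', ['GET', 'POST']],
  ['_bulk_get', ['POST']],
]);

// Per-peer namespace for _local IDs: the stored ID depends on who is asking,
// so a peer can only address documents inside its own namespace.
function localKey(peerId, localId) {
  const ns = crypto.createHash('sha256').update(peerId).digest('hex');
  return `${ns}-${localId}`;
}

// peerId: identity authenticated via PSK (hypothetical parameter).
// url: request path relative to the database mount point (assumption).
// Returns { allow: false } or { allow: true, path: <path to forward> }.
function authorize(method, url, peerId) {
  const deny = { allow: false };
  if (!peerId) return deny; // unauthenticated connection
  let seg;
  try {
    seg = url.split('?')[0].split('/').filter(Boolean).map(decodeURIComponent);
  } catch (err) {
    return deny; // malformed percent-encoding
  }
  const [db, second = '', ...rest] = seg;
  if (!db || db.startsWith('_')) return deny; // no server-level endpoints
  if (second === '_local') {
    if (rest.length !== 1 || !['GET', 'PUT'].includes(method)) return deny;
    const key = encodeURIComponent(localKey(peerId, rest[0]));
    return { allow: true, path: `/${encodeURIComponent(db)}/_local/${key}` };
  }
  if (rest.length > 0) return deny; // no sub-resources (assumption)
  // "_" names must be allowlisted; database info and document IDs are GET-only.
  const methods = second.startsWith('_') ? DB_ENDPOINTS.get(second) : ['GET'];
  return methods && methods.includes(method) ? { allow: true, path: url } : deny;
}
```

The rewritten `path` is what would be handed to the underlying database handler; the caller never supplies the namespace itself.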