Adding Client-Side Security with a Translucent Database

Many applications do not require a thick layer of security at the server. It is possible to use a modest amount of encryption and one-way functions to obscure the sensitive columns or key-value pairs, a technique often called a translucent database. (See description.)

The simplest solutions use a one-way function like SHA-256 at the client to scramble the name and password before storing the information. Here's a quick example of what a table of store purchases might look like before the data is scrambled:

Before Translucency

| name | password | product name | purchase date | size 1 | size 2 |
|---|---|---|---|---|---|
| Bob Jones | Swordfish | Brawny Pants | Jan 24 2009 | 32 | 34 |
| Bob Jones | Swordfish | Dancing Pants | Jan 24 2009 | 32 | 34 |
| Mary Smith | plastics | Broadway Hat | Jan 24 2009 | 10 | - |
| Mary Smith | plastics | Shopping Pants | Jan 25 2009 | 26 | 28 |
| Constance Dalmation | greeny | Shopping Pants | Jan 26 2009 | 25 | 27 |

After Translucency

| SHA256(name&password) | product name | purchase date | size 1 | size 2 |
|---|---|---|---|---|
| a67373bc873aacd99392 | Brawny Pants | Jan 24 2009 | 32 | 34 |
| a67373bc873aacd99392 | Dancing Pants | Jan 24 2009 | 32 | 34 |
| 3c939a9d9939de993993 | Broadway Hat | Jan 24 2009 | 10 | - |
| 3c939a9d9939de993993 | Shopping Pants | Jan 25 2009 | 26 | 28 |
| 99929d99c9a999a9dd8d | Shopping Pants | Jan 26 2009 | 25 | 27 |
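
The transformation between the two tables above, as an added example that is not part of the original wiki page; it runs under Node.js with the built-in crypto module. The field names (owner, product, size1, size2), the helper names and the length-prefixed encoding of name and password are assumptions of this example.

```javascript
const crypto = require("crypto");

// Opaque owner key: SHA-256 over name and password, computed on the client.
// Assumption of this example: each field is length-prefixed instead of joined
// with "&", so ("ab", "c") and ("a", "bc") cannot produce the same input.
function ownerKey(name, password) {
  const hash = crypto.createHash("sha256");
  for (const field of [name, password]) {
    const bytes = Buffer.from(field.normalize("NFC"), "utf8");
    hash.update(`${bytes.length}:`);
    hash.update(bytes);
  }
  return hash.digest("hex");
}

// Replace the identifying columns with the key; only this document is stored.
function toTranslucent(row) {
  const { name, password, ...rest } = row;
  return { owner: ownerKey(name, password), ...rest };
}

// The owner recomputes the key to find their rows (stands in for a lookup
// by key on the server, which never sees the name or password).
function purchasesFor(docs, name, password) {
  const key = ownerKey(name, password);
  return docs.filter((doc) => doc.owner === key);
}

// Constructed sample rows, taken from the "Before Translucency" table.
const rows = [
  { name: "Bob Jones", password: "Swordfish", product: "Brawny Pants", date: "Jan 24 2009", size1: 32, size2: 34 },
  { name: "Bob Jones", password: "Swordfish", product: "Dancing Pants", date: "Jan 24 2009", size1: 32, size2: 34 },
  { name: "Mary Smith", password: "plastics", product: "Broadway Hat", date: "Jan 24 2009", size1: 10, size2: null },
];
const stored = rows.map(toTranslucent);

// Rows as the database would hold them, then Bob's products found by key.
console.log(stored);
console.log(purchasesFor(stored, "Bob Jones", "Swordfish").map((doc) => doc.product));
```

Because the key is an unsalted, fast hash of a name and password, anyone holding the stored documents can test guesses offline, so the approach relies on the password being hard to guess.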

This solution gives the client control of the data in the database without requiring a thick layer on the database to test each transaction. Some advantages are:

There are limitations:

There are many variations on the theme detailed in the book ''Translucent Databases'' including:

Here are several case studies:

Client-Side Libraries

Here are some JavaScript libraries for implementing client-side security:

How_to_add_client-side_security (last edited 2011-11-23 15:14:48 by JanLehnardt)