I am just getting started with CouchDB and have been looking into writing couch apps. The idea is pretty cool. From what I can tell so far, it's great for writing front-facing apps, but what I have not been able to tell yet is how to secure your data and your code.
For example, if I have an app on something like Iris Couch, it seems like the whole database is replicable to the world, which is fine for those things. But if I were to host something on something like Cloudant (or self-hosted) where I don't want Joe Schmoe to replicate my db (assuming I have it at my own domain), is there a way to secure it and not let all of your source code out?
Maybe it's just my understanding so far. But when you have JavaScript you can always see the source. Is that any different when building couch apps? Such as if I wanted to keep the back-end JS code proprietary.
When building front ends, the client code obviously doesn't matter. But I'm wondering if it is possible to use the HTML/JS to build apps where I can keep the back end proprietary. Or is this just out of scope of couchapps?
CouchDB has very primitive access control. It is not possible to build a security-minded web application, like a shopping cart, using this access control system. In order to enforce more complex access control rules you need to build a middleware between JavaScript and CouchDB. In this case the user logs into the middleware, and this code is responsible for keeping track of who the user is and what resources they have access to.
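
The middleware check described in the answer above, as an added example that is not part of the original answer: a default-deny policy function the middleware would run before forwarding a request to CouchDB, so that replication feeds and design documents (where a couch app's server-side JavaScript lives) never reach ordinary users. The database name `shop`, the `<username>:<rest>` document ID convention (usernames without `:`), the `admin` role and the function names are assumptions made for the illustration.

```javascript
// Added example. Assumed conventions (not from the page): database "shop",
// document IDs of the form "<username>:<rest>", usernames contain no ":",
// and "admin" is the middleware's own operator role.
const DB = "shop";
const ALLOWED_METHODS = new Set(["GET", "PUT", "DELETE"]);

// user: null when the middleware holds no session for the caller,
// otherwise { name, roles } as recorded by the middleware at login.
function authorize(user, method, rawPath) {
  if (!user) return { status: 401, reason: "not logged in" };

  let segments;
  try {
    // Split first, decode second, so an encoded "/" cannot add segments.
    segments = rawPath.split("?")[0].split("/").filter(Boolean)
      .map(decodeURIComponent);
  } catch (e) {
    return { status: 400, reason: "malformed path" };
  }
  if (segments[0] !== DB) return { status: 403, reason: "unknown database" };
  if (user.roles.includes("admin")) return { status: 200, reason: "admin" };

  // Default deny: only single-document requests pass. This blocks what a
  // replicator reads (_changes, _all_docs, _bulk_get, _revs_diff, _local)
  // and _design/*, so neither the data set nor the app code can be pulled.
  const docId = segments[1];
  if (segments.length !== 2 || docId.startsWith("_")) {
    return { status: 403, reason: "endpoint not exposed" };
  }
  if (!ALLOWED_METHODS.has(method)) {
    return { status: 403, reason: "method not allowed" };
  }
  if (!docId.startsWith(user.name + ":")) {
    return { status: 403, reason: "not your document" };
  }
  return { status: 200, reason: "owner", docId };
}

// Path to send to CouchDB: rebuilt from the checked ID, never the raw input.
function upstreamPath(docId) {
  return "/" + DB + "/" + encodeURIComponent(docId);
}
```

For this to hold, CouchDB itself must be reachable only from the middleware, for example by binding it to localhost or a private network.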