Forum for discussing general topics related to Couch.
3 posts Page 1 of 1
Hello again all - with reference to another posting (https://www.couchcms.com/forum/viewtopic.php?f=2&t=12496) I made recently about a possible application using Couch, I have another related question which other Couch users must have come across. When your client is using Couch to input private/sensitive information which is viewable front-end to logged-in users only - how do you explain the 'outside presence' of a SuperAdmin within the Admin Panel as one of the Users, and therefore with access to view all that private data? I know it is required of Couch that SuperAdmin logs in to register template changes, but if I were a client of me (?!) I'd be scratching my head at what would seem like an invasion of my private Admin Panel!
Is there any excuse in your use case to maintain superadmin credentials for yourself and not hand them over to the client? Commonly I build a backend with random data, set comfortably for testing purposes, and highlight error-prone/insecure inputs etc. Once that is done, the client retains full control over the hosting (ftp), admin panel, database. It is my job to make it as secure as possible and strike out every non-relevant person, including myself, from access.

I suspect your question is not about a common job, but rather a backend-as-a-service. I have experience with that as well. In all such cases, the real backend is accessed only by you, the owner of the service and, under circumstances, your company's admins/developers. The database is likewise under your strict maintenance, and your job is to avoid any leaks from your app. This forum, for example, has its moderators, users, groups etc, but the ultimate backend and database is maintained by the owner of the app. Nothing to explain to anyone, really. Here you retain full control and do not hand over anything (no files, no backend, no database), so you only provide the service, which is now your complete responsibility.

I hope there is a 3rd way of doing things - something in between the 2 above approaches. However, I haven't seen it yet. If a client okays your presence as superadmin in their system, it is still a variant of the first approach. The real alternative is your participation in their business as an associate or partner, therefore they have everything and you also have access to everything and you and the client share responsibilities, because both have a stake in the business.
potato wrote: therefore with access to view all that private data?

Another idea - private data can be encoded with a private key.

A road had been paved already by @Kadeyrn - see his example "Encrypting strings of databound forms" viewtopic.php?p=27059#p27050

The Administrator (website owner) will see decrypted content in the Admin Panel, while the SuperAdmin will see encrypted content in the Admin Panel. Editable private fields should also be unsearchable with searchable='0'.
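
Added example, not part of the original posts and not the code from the linked thread: a minimal PHP sketch of field-level encryption in which the stored value is ciphertext and only someone holding the owner's key sees plaintext. The function names, the `enc:v1:` prefix and the sample values are hypothetical and are not Couch API; it assumes the key is derived from a passphrase only the site owner knows, because a key kept in a server-side config file can be read by anyone with file access.

```php
<?php
// Added example: hypothetical helper names, not part of Couch.
const FIELD_PREFIX = 'enc:v1:';

// Derive a 32-byte key from the owner's passphrase. The salt is not secret and
// can be stored with the site config; the passphrase itself is never stored.
function derive_field_key(string $passphrase, string $salt): string
{
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $passphrase,
        $salt, // must be SODIUM_CRYPTO_PWHASH_SALTBYTES (16) bytes long
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

// Authenticated encryption with a fresh random nonce per value.
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return FIELD_PREFIX . base64_encode($nonce . $box);
}

// Returns plaintext for a viewer holding the right key; any other viewer
// (no key, wrong key, tampered value) gets the stored ciphertext unchanged.
function view_field(string $stored, ?string $key): string
{
    if ($key === null || strncmp($stored, FIELD_PREFIX, strlen(FIELD_PREFIX)) !== 0) {
        return $stored;
    }
    $raw = base64_decode(substr($stored, strlen(FIELD_PREFIX)), true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return $stored;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $plain === false ? $stored : $plain;
}

// Constructed sample data.
$salt     = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
$ownerKey = derive_field_key('owner passphrase (constructed)', $salt);
$stored   = encrypt_field('Private note: constructed sample', $ownerKey);

echo "stored / seen without the key: ", view_field($stored, null), "\n";
echo "seen by the key holder:        ", view_field($stored, $ownerKey), "\n";
```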