Forum for discussing general topics related to Couch.
4 posts Page 1 of 1
Hi again!

I'm working mainly on a site for an association and I thought it a nice idea that every member should input his data on the website, so that everyone can update his information by himself and everything gets collected at the same place and is easily accessible. Now there were some questions on the security of the information (and I generally am not very well versed in this topic). How is that handled in couch? Would someone have access to all the information if he could lay his hands on the database? Or would you even advise against such use?
Hi Klaus,

As far as security is concerned, Couch (like any other CMS) makes sure the data getting in is sanitized so as to prevent attacks like SQL injection, XSS etc.

However once the data gets persisted in the database, Couch is out of the equation - that is to say if someone could access the database directly, there is nothing Couch can possibly do as it is not in the scene at all (the account passwords are an exception as they get persisted in a hash form so even if the database is accessed directly, the passwords are not revealed).

That said, the scenario where some unauthorized person can access your database directly is likely only when your server gets hacked - and in that case you'll have bigger problems at hand to worry about.
Thanks for clarifying! I have an idea for a little workaround (in terms of safety), but I'm not sure how to save only a part of the inputted data to Couch:

Like the user upon registration enters his hometown, which gets sent via mail in full to the administrator, but only the first 3 (4, 5, whatever ;) ) characters get saved to Couch.

e.g. he inputs "Hamburg", but only "Ham" should remain.
Hi Klaus,

I think for returning a part of a text input you could use PHP substr.
So before sending the input Hamburg, set this as a Couch variable and use
echo substr('couchvariable', 0, 4); // this returns couc

I'm not sure if this is flawless though
I load frameworks and write bugs on top of them, after that I rearrange the code so that it looks like a cool product.
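
The truncation suggested in the last reply, as an added example that is not part of the thread and not Couch's own code: `substr` counts bytes, so on UTF-8 input it can cut a character in half, while `mb_substr` counts characters. The function name `minimize_for_storage` and the sample towns are assumptions made for illustration, and the mbstring extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Couch function): return only the first $keep
 * characters of a user-supplied value, so that a reduced copy is stored.
 */
function minimize_for_storage(string $input, int $keep = 3): string
{
    if ($keep < 1) {
        throw new InvalidArgumentException('keep must be at least 1');
    }
    // Reject invalid UTF-8 instead of truncating and storing garbage bytes.
    if (!mb_check_encoding($input, 'UTF-8')) {
        throw new InvalidArgumentException('input is not valid UTF-8');
    }
    // Strip surrounding ASCII whitespace so "  Hamburg" does not store "  H".
    $clean = trim($input);
    // mb_substr counts characters, not bytes.
    return mb_substr($clean, 0, $keep, 'UTF-8');
}

// Constructed sample inputs: plain ASCII, padded, multibyte, short, empty.
$samples = ['Hamburg', '  Hamburg ', 'Brühl', 'Ulm', ''];

foreach ($samples as $town) {
    $stored   = minimize_for_storage($town);
    // Byte-wise truncation as in the reply, shown for comparison only.
    $bytewise = substr(trim($town), 0, 3);
    $state    = mb_check_encoding($bytewise, 'UTF-8') ? 'valid UTF-8' : 'broken UTF-8';

    echo json_encode($town, JSON_UNESCAPED_UNICODE),
        ' -> stored ', json_encode($stored, JSON_UNESCAPED_UNICODE),
        ' | substr bytes ', bin2hex($bytewise), ' (', $state, ')', PHP_EOL;
}
```

The stored value has to be truncated before it reaches the code that writes to the database; the full value sent by mail still exists in the administrator's mailbox and on any mail server that relays it.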