search

rwadholm / The-Little-Library

The Little Library is an open source app that allows you to upload, store, and share creative commons licensed content across computers and digital devices, offline and in the cloud.
http://www.thelittlelibrary.com
16 stars 3 forks source link

Replication problems #3

Closed maf-jclark closed 13 years ago

maf-jclark commented 13 years ago

I'm having replication problems when setting up my own instance. I think the issue may be in library.js on lines 118 and 130, which point to url: "_replicate". My installed instance of CouchDB has "_replicator".

Once I changed those lines to url: "_replicator" and reattached them to _design/library I was able to successfully login and sync with my online library. However, my online and local db for my user 'john' is not replicating at all.

I think the difficulty lies in some hardcoded "https" declarations and my server doesn't (yet) have an ssl cert installed. I guess this is more of a bug fix and a note to users who want to use the Little Library without an ssl cert.

rwadholm commented 13 years ago

Thanks for pointing me to the issue! Unfortunately, if "_replicate" is changed to "_replicator", users with CouchDB versions below 1.1 won't be able to use it all (this includes me on my Mac). What's the rev number on your local _design/library? Is it 298?

If https isn't used on the online server for authentication, the user's username and password are sent over the wire as plaintext, making their library liable to security vulnerabilities. I need to add this warning into the documentation.

Are you able to use the sync page in LL to replicate to or from your online library?

maf-jclark commented 13 years ago

... jquery.couch.js is also using _replicate quite a lot... not sure if I am fine changing all those instances to make things work...

maf-jclark commented 13 years ago

Hmm, it seems that my local library is at an older rev (how do you do a sheepish emoticon?) I replicated back when it was released and not since. I'll fix that and let you know.

rwadholm commented 13 years ago

If you change _replicate to _replicator, you'll end up creating an enormous amount of replications in the _replicator db, which may slow your client down significantly after several uses of the library. Replicate is only a one time thing, or at most a session specific replication, so there aren't retries after the local client is closed.

The _replicator is an additional functionality, above and beyond the _replicate function, that stores replication info in a db. It does work a bit better, and is a good model for long-term continuous replications, but sometimes isn't a good idea for normal replications, because it stores the username and password of the authentication for the replication in plain text in the _replicator db for all eyes to see that have access to the local machine.

rwadholm commented 13 years ago

Fixed in Version 1.0