What the HTTP is CouchApp

CouchDB is really fun. The rules are very tight, but consistent, and it quickly appears to be a shotgun to cause a lot of damage with. Especially with good with Javascript on the client side. There is a native Javascript driver and the protocol is RESTful (HTTP GET, PUT, DELETE).<p>Compare the the closest NoSQL alternative, MongoDB. I say close because they are both document stores (fancy key/value) with indexing and map/reduce.<p>MongoDB is very lean and blazing fast. But there isn't anything close to an HTTP layer in Mongo. It speaks in a binary JSON protocol. The format, commands, and driver, while well done, are a whole new set of rules to learn. Plus a Ruby middleware to talk HTTP.<p>My conclusions are from writing a simple app with both backends. Punchline: After all this experimentation I realize I need a relational DB for my project.

This is really cool, especially with companies now providing CouchDB hosting.<p>The article says that writes can be validated so only authorised users may write. Does anybody know if its possible to limit read access to certain users? If so, I may revive an abandoned project and try it as a CouchApp.

<i>In fact, the bad old days are still with us, as most applications still rely on fragile custom code, running in an application server like Ruby on Rails, Python's Django, or some kinda Java thing.</i><p>I'm pretty sure the fragility of the code is as much down to the person writing it as it is to the platform. I don't think it's fair to say that application servers are inherently fragile; run Python or Java apps on App Engine and you're unlikely to ever have a genuine scaling problem...<p>BTW is that how we quote text here?

If an app can be replicated to a user's machine, can the user then also manipulate the couchapp's view and design documents using futon or otherwise, even though validation functions are in place?<p>ie, would a user be able to alter the application themselves, and not just their data?

I've been waiting for this for a long time. Case in point: Feedlooks.com.<p>I created the entire app logic in jQuery, which is amazing for rapid app development by the way, and all that missing was an http data server.<p>Of course I had to build my own interface on the server side to mediate the database transfer. It's really an unnecessary layer.<p>Glad someone had this idea.

What about user input validation? If I understand it correctly, all the application code resides in the browser. This means that there is no server side code to make sure that the data stored in the database is properly sanitized. For example, how would you go about making sure an input doesn't contain HTML code? If the verification is made on the client side, it is easy to circumvent it.