Posted to user@couchdb.apache.org by Victor Stan <vi...@gmail.com> on 2010/11/08 15:53:04 UTC

CouchDB behind apache reverse proxy

Hello,

I've been considering methods of accessing CouchDB directly from the
browser, and one method seems to be using Apache or NginX as a reverse
proxy for CouchDB.

If there are people with experience in that area in this forum, could
you please share some of the gotchas when it comes to securing access
to the database; as it seems to me that by removing the server side
scripts, a security layer is also removed...

Cheers,
Victor Stan

Re: CouchDB behind apache reverse proxy

Posted by Zachary Zolton <za...@gmail.com>.
> - have anonymous writes to the database, from the browser (can CouchDB
> validate content before storing it?)

Certainly, check out:
http://guide.couchdb.org/draft/validation.html


> - anonymous reads of only specific views, is there a way to limit
> reads of only specific views? Perhaps through Apache R-Proxying?

Nope. That's what I was referring to earlier: a user gets
all-or-nothing access to a database, including views.

I'd need to hear more about what you're trying to build, though, to
give you better advice on how to work around these limitations.

Cheers,
Zach
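
As an illustration of the validation answer above, here is an added example (not part of the thread and not code from any poster) of a `validate_doc_update` function that lets anonymous browser clients create documents but never change them. The "comment" document shape, the field limits and the `check` harness are assumptions; in CouchDB the function's source is stored as a string in a design document's `validate_doc_update` field.

```javascript
// Added example, not from the thread. The "comment" document shape and the
// field limits are assumptions chosen for illustration.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  // Server admins bypass the checks below.
  if (userCtx.roles.indexOf("_admin") !== -1) return;

  // Everyone else (anonymous users have userCtx.name === null) may only create.
  if (oldDoc) throw { forbidden: "existing documents are read-only" };
  if (newDoc._deleted) throw { forbidden: "deletes are not allowed" };
  if (newDoc.type !== "comment") throw { forbidden: "only comment documents are accepted" };

  // Allow-list fields so callers cannot store arbitrary data or attachments.
  var allowed = ["_id", "_rev", "_revisions", "type", "author", "body", "created_at"];
  for (var key in newDoc) {
    if (allowed.indexOf(key) === -1) throw { forbidden: "unexpected field: " + key };
  }

  requireString(newDoc, "author", 64);
  requireString(newDoc, "body", 2000);
  if (!/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/.test(newDoc.created_at)) {
    throw { forbidden: "created_at must be an ISO 8601 UTC timestamp" };
  }

  function requireString(doc, field, maxLen) {
    var v = doc[field];
    if (typeof v !== "string" || v.length === 0 || v.length > maxLen) {
      throw { forbidden: field + " must be a non-empty string of at most " + maxLen + " characters" };
    }
  }
}

// Local harness for trying the function outside CouchDB (constructed inputs).
function check(newDoc, oldDoc, userCtx) {
  try { validate_doc_update(newDoc, oldDoc, userCtx); return "ok"; }
  catch (e) { if (e && e.forbidden) return e.forbidden; throw e; }
}
var anon = { db: "comments", name: null, roles: [] };
var good = { _id: "c1", type: "comment", author: "visitor", body: "Nice post",
             created_at: "2010-11-08T15:53:04Z" };
console.log(check(good, null, anon));
```

Validation functions run on writes only; they do not limit which documents or views a client can read.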

Re: CouchDB behind apache reverse proxy

Posted by Victor Stan <vi...@gmail.com>.
Thanks for the resources, I will take a look...

I need to:

- have anonymous writes to the database, from the browser (can CouchDB
validate content before storing it?)
- anonymous reads of only specific views, is there a way to limit
reads of only specific views? Perhaps through Apache R-Proxying?

Cheers,
Victor Stan



On Mon, Nov 8, 2010 at 11:32 AM, Zachary Zolton
<za...@gmail.com> wrote:
> Victor,
>
> If you serve CouchDB directly, or just proxy CouchDB via a web server,
> you're gonna need to read up on the CouchDB security model and
> consider whether it fits your application.
>
> This should get you started:
> http://guide.couchdb.org/draft/security.html
> http://is.gd/gQ3XO
> http://www.youtube.com/watch?v=oHKvV3Nh-CI
>
> The main 'gotcha' with CouchDB's security model is that a user can
> either access all or none of the resources for any particular
> database. Consider what types of data can be accessed anonymously, by
> a particular user or by a role shared by multiple users. You may need
> to place documents in different databases depending on who may access
> them.
>
> Perhaps you could explain more of your scenario.
>
>
> Cheers,
>
> Zach
>
> On Mon, Nov 8, 2010 at 8:53 AM, Victor Stan <vi...@gmail.com> wrote:
>> Hello,
>>
>> I've been considering methods of accessing CouchDB directly from the
>> browser, and one method seems to be using Apache or NginX as a reverse
>> proxy for CouchDB.
>>
>> If there are people with experience in that area in this forum, could
>> you please share some of the gotchas when it comes to securing access
>> to the database; as it seems to me that by removing the server side
>> scripts, a security layer is also removed...
>>
>> Cheers,
>> Victor Stan
>>
>

Re: CouchDB behind apache reverse proxy

Posted by Zachary Zolton <za...@gmail.com>.
Victor,

If you serve CouchDB directly, or just proxy CouchDB via a web server,
you're gonna need to read up on the CouchDB security model and
consider whether it fits your application.

This should get you started:
http://guide.couchdb.org/draft/security.html
http://is.gd/gQ3XO
http://www.youtube.com/watch?v=oHKvV3Nh-CI

The main 'gotcha' with CouchDB's security model is that a user can
either access all or none of the resources for any particular
database. Consider what types of data can be accessed anonymously, by
a particular user or by a role shared by multiple users. You may need
to place documents in different databases depending on who may access
them.

Perhaps you could explain more of your scenario.


Cheers,

Zach

On Mon, Nov 8, 2010 at 8:53 AM, Victor Stan <vi...@gmail.com> wrote:
> Hello,
>
> I've been considering methods of accessing CouchDB directly from the
> browser, and one method seems to be using Apache or NginX as a reverse
> proxy for CouchDB.
>
> If there are people with experience in that area in this forum, could
> you please share some of the gotchas when it comes to securing access
> to the database; as it seems to me that by removing the server side
> scripts, a security layer is also removed...
>
> Cheers,
> Victor Stan
>