Posted to user@couchdb.apache.org by Martin Hilbig <bl...@gmx.net> on 2011/05/03 22:11:00 UTC
sponsoring secure vhost/rewrites
hi,
i want to program and rent couchapps. i want couchdb/bigcouch to be my
db, app and webserver.
i don't want a middlelayer like a(n) (apache) proxy, just to filter out
clients which try cheating by using no Host header or ../../../ url
trickery.
can this be accomplished already? sadly i didn't find anything and i
remember @janl telling me that vhosts and rewrites aren't meant to be
security features. why is that so?
my naive thoughts of a secure vhost handling which make proxies obsolete:
* the vhost handler should redirect clients with no Host header to a
"default" vhost or send a 403/404.
* requests containing (too many) .. or starting with _ in the resource
should get redirected/404/403ed too.
what other requests can you think of to circumvent the vhost
handler/rewriter?
are the 2 points above already possible today? please redirect me to docs.
where should i start hacking, when i want to implement them myself?
is anyone willing to implement them for me (or see how far she gets) in
10h = 100eurs? yea, this means i want those points so hard i would throw
in 10 hours or 100eurs or 100$ to get someone (at least) started on
them. is this okay or inappropriate here or is there a better place for
couchdb job offers (maybe the user@ list)?
have fun
martin
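
The two checks proposed in the post above, sketched as a standalone request filter. This is an added example, not part of the original message and not CouchDB code; classifyRequest, the VHOSTS table and the host names are hypothetical, and it assumes that any ".." segment is rejected (not only "too many") and that a missing Host header gets a 403 rather than a redirect.

```javascript
// Added example, not CouchDB code. classifyRequest and its return shape are hypothetical.

// Constructed sample vhost table: Host header value -> rewrite target.
const VHOSTS = new Map([
  ['app1.example.com', '/app1/_design/site/_rewrite'],
  ['app2.example.com', '/app2/_design/site/_rewrite'],
]);

// Decide what to do with a request before it reaches the vhost handler.
// Returns { status, reason } for a refusal or { status: 200, target } to pass on.
function classifyRequest(hostHeader, rawPath, vhosts = VHOSTS) {
  // Point 1: a request without a Host header never falls through to the bare server.
  if (typeof hostHeader !== 'string' || hostHeader.trim() === '') {
    return { status: 403, reason: 'missing Host header' };
  }
  // Host names are case-insensitive; drop an optional :port before the lookup.
  const host = hostHeader.trim().toLowerCase().replace(/:\d+$/, '');
  const target = vhosts.get(host);
  if (target === undefined) return { status: 404, reason: 'unknown vhost' };

  // Point 2: look at the path only (no query string), one segment at a time,
  // and decode each segment first so encoded forms are judged like plain ones.
  const pathOnly = rawPath.split(/[?#]/, 1)[0];
  if (!pathOnly.startsWith('/')) return { status: 400, reason: 'not an absolute path' };
  for (const rawSegment of pathOnly.split('/')) {
    let segment;
    try {
      segment = decodeURIComponent(rawSegment);
    } catch (e) {
      return { status: 400, reason: 'malformed percent-encoding' };
    }
    // A separator that appears only after decoding hid an extra segment.
    if (/[\/\\]/.test(segment)) return { status: 403, reason: 'encoded separator' };
    if (segment === '..' || segment === '.') return { status: 403, reason: 'dot segment' };
    if (segment.startsWith('_')) return { status: 403, reason: 'underscore resource' };
  }
  return { status: 200, target };
}
```

The filter refuses by default: only a known Host with a path free of dot segments and underscore-prefixed segments is handed on to its rewrite target.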