You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@couchdb.apache.org by Aaron Boxer <bo...@gmail.com> on 2010/02/11 21:30:24 UTC

Security

Hello There!

I am very new to couchdb. I would like to control access to my database.
Currently I can open Futon and change whatever I like.

Any help would be greatly appreciated.

Thanks!

Aaron

Re: Security

Posted by Brian Candler <B....@pobox.com>.

On Thu, Feb 11, 2010 at 04:12:58PM -0500, Aaron Boxer wrote:
> Thanks very much, this helps a lot.  Am I correct in surmising that
> once a password is set, anyone
> can do a HTTP GET on my database, but not an HTTP POST ?

They can still do PUT and POST as well, but you can restrict those actions
using a validate_doc_update function in a design doc.

More access control stuff has hit trunk in the last few days and may end up
in 0.11, depending on exactly what point the branch is taken from.

Regards,

Brian.

Re: Security

Posted by Noah Slater <ns...@tumbolia.org>.

You probably want to consider shoving a proxy in front of CouchDB. One the major bonuses we get from speaking vanilla HTTP is that there is myriad software to act as a gateway for your database. You could reverse proxy with Apache and deny access to everyone, and permit access to an IP range, and with a password, and over SSL. Mix and match to your heart's content.

On 11 Feb 2010, at 21:12, Aaron Boxer wrote:

> Hi David,
> 
> Thanks very much, this helps a lot.  Am I correct in surmising that
> once a password is set, anyone
> can do a HTTP GET on my database, but not an HTTP POST ?
> 
> Slán abhaile,
> Aaron
> 
> On Thu, Feb 11, 2010 at 3:50 PM, David Coallier
> <da...@gmail.com> wrote:
>> On 11 February 2010 20:30, Aaron Boxer <bo...@gmail.com> wrote:
>>> Hello There!
>>> 
>>> I am very new to couchdb. I would like to control access to my database.
>>> Currently I can open Futon and change whatever I like.
>> 
>> Hey there Aaron :)
>> 
>> You might be interested in looking at:
>> http://wiki.apache.org/couchdb/Security_Features_Overview
>> 
>> Should get your well started :)
>> 
>> --
>> Slan,
>> David
>>

Re: Security

Posted by Aaron Boxer <bo...@gmail.com>.

Hi David,

Thanks very much, this helps a lot.  Am I correct in surmising that
once a password is set, anyone
can do a HTTP GET on my database, but not an HTTP POST ?

Slán abhaile,
Aaron

On Thu, Feb 11, 2010 at 3:50 PM, David Coallier
<da...@gmail.com> wrote:
> On 11 February 2010 20:30, Aaron Boxer <bo...@gmail.com> wrote:
>> Hello There!
>>
>> I am very new to couchdb. I would like to control access to my database.
>> Currently I can open Futon and change whatever I like.
>
> Hey there Aaron :)
>
> You might be interested in looking at:
> http://wiki.apache.org/couchdb/Security_Features_Overview
>
> Should get your well started :)
>
> --
> Slan,
> David
>

Re: Security

Posted by David Coallier <da...@gmail.com>.

On 11 February 2010 20:30, Aaron Boxer <bo...@gmail.com> wrote:
> Hello There!
>
> I am very new to couchdb. I would like to control access to my database.
> Currently I can open Futon and change whatever I like.

Hey there Aaron :)

You might be interested in looking at:
http://wiki.apache.org/couchdb/Security_Features_Overview

Should get your well started :)

-- 
Slan,
David