Posted to user@couchdb.apache.org by "Kevin R. Coombes" <ke...@gmail.com> on 2012/02/21 23:01:08 UTC

require admin for temporary view?

Our local sysadmins (who are doing their best to train me to be 
paranoid) raised a question about couchdb applications. They are 
worried about the potential for DoS attacks (and if they had their way, 
would disable all POST and PUT commands on everything...).

Is it possible to configure the server to require admin (or at least 
database admin) credentials in order to post a temporary view? Is it 
desirable?

     Kevin

Re: require admin for temporary view?

Posted by "Kevin R. Coombes" <ke...@gmail.com>.
I don't use them myself for anything.  But the API defines them, so some 
rogue user could conceivably write the equivalent of
     for each document
         emit it a million times
and cripple the server.

When I google "couchdb disable temporary view", nothing particularly 
useful comes back. When you suggest disabling them, do you mean using a 
proxy to block them? Or is there a couch-specific way to configure the 
couch server to refuse them (either totally or conditionally on the 
provision of admin credentials)?

     Kevin

On 2/21/2012 4:07 PM, Sam Bisbee wrote:
> On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes
> <ke...@gmail.com>  wrote:
>> Our local sysadmins (who are doing their best to train me to be paranoid)
>> raised a question about couchdb applications. They are worried about the
>> potential for DoS attacks (and if they had their way, would disable all POST
>> and PUT commands on everything...).
>>
>> Is it possible to configure the server to require admin (or at least
>> database admin) credentials in order to post a temporary view? Is it
>> desirable?
> If this is a production system then I would just disable temporary
> views altogether, but leave them enabled on developer boxes/servers.
> You should not be using temporary views for anything other than
> development, using something like couchdb-lucene instead for ad hoc
> queries (https://github.com/rnewson/couchdb-lucene).
>
> Cheers,
>
> --
> Sam Bisbee

Re: require admin for temporary view?

Posted by Robert Newson <rn...@apache.org>.
To disable it server-wide:

curl localhost:5984/_config/httpd_db_handlers/_temp_view -X DELETE

B.

On 21 February 2012 22:07, Sam Bisbee <sa...@sbisbee.com> wrote:
> On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes
> <ke...@gmail.com> wrote:
>> Our local sysadmins (who are doing their best to train me to be paranoid)
>> raised a question about couchdb applications. They are worried about the
>> potential for DoS attacks (and if they had their way, would disable all POST
>> and PUT commands on everything...).
>>
>> Is it possible to configure the server to require admin (or at least
>> database admin) credentials in order to post a temporary view? Is it
>> desirable?
>
> If this is a production system then I would just disable temporary
> views altogether, but leave them enabled on developer boxes/servers.
> You should not be using temporary views for anything other than
> development, using something like couchdb-lucene instead for ad hoc
> queries (https://github.com/rnewson/couchdb-lucene).
>
> Cheers,
>
> --
> Sam Bisbee
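Putting Robert's one-liner and Kevin's "emit it a million times" concern together, here is an added example (not code from the thread or from the CouchDB project) that removes the temporary-view handler on a CouchDB 1.x node and then verifies the change two ways: by reading the config key back, and by confirming that a minimal temporary view no longer executes. It assumes admin credentials are supplied in the COUCH_URL variable (for example http://admin:secret@localhost:5984, since the _config endpoint requires server admin unless the node is still in admin party), and it creates and deletes a scratch database named tempview_check; both names are assumptions. It targets 1.x only: CouchDB 2.0 removed temporary views entirely and moved the config API under /_node/<node>/_config, so the DELETE above does not apply there.

```shell
#!/bin/sh
# Added example (not from the thread): disable CouchDB 1.x temporary views via
# the same config key as Robert Newson's curl one-liner, then verify.
# Assumed (not in the thread): COUCH_URL carries admin credentials; a scratch
# database named tempview_check is created and removed during the check.

COUCH_URL="${COUCH_URL:-http://localhost:5984}"

# Return 0 when an HTTP status means the temporary view was NOT executed.
# With the handler removed, the request falls through to CouchDB's generic
# handling of "_"-prefixed paths and is refused with a 4xx (assumed to be
# 400 or 404); any 2xx means the view actually ran.
temp_view_rejected() {
  case "$1" in
    2??) return 1 ;;
    *)   return 0 ;;
  esac
}

# Return 0 when a _config GET body still shows the handler registered.
# An active handler is stored as the Erlang {module, function} string
# "{couch_httpd_view, handle_temp_view_req}"; once deleted, the GET returns
# an error object instead (assumed to be {"error":"not_found",...}).
handler_registered() {
  case "$1" in
    *handle_temp_view_req*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print only the HTTP status code of a request. $1=method $2=path $3=JSON body
http_status() {
  if [ -n "$3" ]; then
    curl -s -o /dev/null -w '%{http_code}' -X "$1" \
      -H 'Content-Type: application/json' -d "$3" "$COUCH_URL$2"
  else
    curl -s -o /dev/null -w '%{http_code}' -X "$1" "$COUCH_URL$2"
  fi
}

disable_temp_views() {
  # Step 1: the thread's own fix, removing the handler from [httpd_db_handlers].
  curl -s -X DELETE "$COUCH_URL/_config/httpd_db_handlers/_temp_view" >/dev/null

  # Step 2: read the key back; it must no longer name the handler.
  body=$(curl -s "$COUCH_URL/_config/httpd_db_handlers/_temp_view")
  if handler_registered "$body"; then
    echo "handler still registered: $body" >&2
    return 1
  fi

  # Step 3: behavioural check. A harmless one-row map must be refused now;
  # the same endpoint is what an unbounded emit() loop would have abused.
  http_status PUT /tempview_check >/dev/null
  status=$(http_status POST /tempview_check/_temp_view \
    '{"map":"function(doc){ emit(null, null); }"}')
  http_status DELETE /tempview_check >/dev/null

  if temp_view_rejected "$status"; then
    echo "temporary views disabled (POST _temp_view -> HTTP $status)"
  else
    echo "temporary view still executed (HTTP $status)" >&2
    return 1
  fi
}

# Touch a server only when explicitly asked, so the file is safe to source
# or to run just for its helper functions.
if [ "${1:-}" = "--apply" ]; then
  disable_temp_views
fi
```

Run it as `COUCH_URL=http://admin:secret@localhost:5984 sh disable_temp_views.sh --apply`. Note that on 1.x the _config DELETE is written to local.ini unless the request carries `X-Couch-Persist: false`, so the change survives a restart; rerunning the script is the simplest way to confirm it still holds after an upgrade or a config merge.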

Re: require admin for temporary view?

Posted by Sam Bisbee <sa...@sbisbee.com>.
On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes
<ke...@gmail.com> wrote:
> Our local sysadmins (who are doing their best to train me to be paranoid)
> raised a question about couchdb applications. They are worried about the
> potential for DoS attacks (and if they had their way, would disable all POST
> and PUT commands on everything...).
>
> Is it possible to configure the server to require admin (or at least
> database admin) credentials in order to post a temporary view? Is it
> desirable?

If this is a production system then I would just disable temporary
views altogether, but leave them enabled on developer boxes/servers.
You should not be using temporary views for anything other than
development, using something like couchdb-lucene instead for ad hoc
queries (https://github.com/rnewson/couchdb-lucene).

Cheers,

--
Sam Bisbee