couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: default vhost config option
Date Mon, 15 Mar 2010 17:26:05 GMT

On 15 Mar 2010, at 12:21, Paul Davis wrote:

>> Apache CouchDB discussions must happen on a mailing list.
> 
> Hence, this thread. XD
> 
> [11:25] <benoitc> mmmm
> [11:26] <benoitc> about Host header and vhost
> [11:26] <benoitc> couldn't we simply forbid messages without Host ?
> [11:26] <davisp> benoitc: sounds like a config option
> [11:26] <benoitc> yup
> [11:27] <benoitc> that would solve the need of a proxy for some uses I guess
> [11:27] <benoitc> with a default virtualhost to nothing
> [11:28] <benoitc> (or an info page)
> [11:28] <davisp> Oh, maybe that's a better config options,
> "defualt_vhost" like most web servers use
> [11:28] <benoitc> yes right
> [11:30] <benoitc> mmm i could implement that anything against ?
> [11:32] <davisp> Sounds like a question for dev@

Thanks. :)


> I don't think this discussion should have anything to do with
> security. A rewrite/vhost configuration is not a substitute for a
> proper security system.

Exactly. Hence advertising it for "hiding the API" makes me feel
uncomfortable.

Cheers
Jan
--


Mime
View raw message