couchdb-dev mailing list archives

From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: default vhost config option
Date Mon, 15 Mar 2010 16:24:45 GMT
On Mon, Mar 15, 2010 at 5:15 PM, Chris Anderson <jchris@apache.org> wrote:
> On Mon, Mar 15, 2010 at 10:52 AM, Benoit Chesneau <bchesneau@gmail.com> wrote:
>> Hi all,
>>
>> Like discussed on irc, I would propose to add a default vhost option to couchdb:
>>
>> - it solves the problem when someone connects to CouchDB without a host header
>> - it allows someone to not expose the whole API of CouchDB using the rewriter.
>>
>
> As long as we are discussing security, we should think about this:
> It'd be nice to be able to "sandbox" _design documents to a given
> database (the one they are hosted in.) One way to do this is with a
> vhost rule that says mydb.mycouch.com may only make requests within
> /mydb/
>
> How to implement this is a bit tougher. Do we do path-based
> restrictions (after all rewrite rules have been applied)?  Do we
> restrict the rewriter's ability to use ../../.. constructs so that it
> must stay within its own database?

This is needed if you want to have a _replicate handler at app level
though. But I don't see the need to restrict on this side, you look in
the wrong way. Imo we should restrict external calls not internals.

It could be done like I do on couchdbproxy (this version and the one
coming). couchdbproxy takes all asks from this patch and uses it as a
prefix for all locations. Internally you can still rewrite, but what a
user will be shown is only locations prefixed by somepath/ .


>
> This stuff is crucial for security, as people will be replicating
> around random applications, and we don't want some spyware app to have
> access to the database which hosts your financial information.


There are other problems for that and maybe I missed some commit. I think
about the possibility to read the users db or maybe I missed a commit.
Is there a handler like _security to create a user?
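The two sandboxing ideas raised in this thread, a path-based restriction checked after rewriting and a couchdbproxy-style prefix on every externally visible location, as an added stand-alone illustration that is not CouchDB or couchdbproxy code; the vhost hostnames, the `VHOSTS` mapping and the sample paths are constructed for the example.

```python
"""Added illustration of the sandboxing ideas in the thread; this is not
CouchDB or couchdbproxy code.  Hostnames and paths are constructed."""
from posixpath import normpath
from urllib.parse import unquote

# Constructed vhost -> database mapping (hypothetical hostnames).
VHOSTS = {
    "mydb.mycouch.com": "mydb",
    "other.mycouch.com": "other",
}


def _normalize(path):
    """Decode percent-encoding and collapse '.', '..' and repeated slashes.

    Decoding first means '%2e%2e' is treated as '..'.  normpath on an
    absolute path drops leading '..' components, so the result never
    climbs above '/'.
    """
    path = "/" + unquote(path).lstrip("/")
    return normpath(path)


def sandbox_path(host, rewritten_path):
    """Path-based restriction applied after all rewrite rules have run.

    Returns the resolved path if it stays inside the vhost's own database,
    otherwise None (the request should be refused).
    """
    db = VHOSTS.get(host.split(":", 1)[0].lower())
    if db is None:
        return None
    resolved = _normalize(rewritten_path)
    prefix = "/" + db
    if resolved == prefix or resolved.startswith(prefix + "/"):
        return resolved
    return None


def prefix_location(db, external_path):
    """The couchdbproxy-style approach from the reply: the client-visible
    path is normalized and then forced under the database prefix, so
    internal rewrites stay free while externally only '/<db>/...' is
    reachable."""
    return "/" + db + _normalize(external_path)
```

Normalizing before the prefix is what keeps a leading `..` from undoing the prefix; without it, `/mydb` + `/../other` would resolve to `/other`.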
