couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: default vhost config option
Date Mon, 15 Mar 2010 17:31:52 GMT
On Mon, Mar 15, 2010 at 6:26 PM, Jan Lehnardt <jan@apache.org> wrote:
>
> On 15 Mar 2010, at 12:21, Paul Davis wrote:
>
>>> Apache CouchDB discussions must happen on a mailing list.
>>
>> Hence, this thread. XD
>>
>> [11:25] <benoitc> mmmm
>> [11:26] <benoitc> about Host header and vhost
>> [11:26] <benoitc> couldn't we simply forbid messages without Host ?
>> [11:26] <davisp> benoitc: sounds like a config option
>> [11:26] <benoitc> yup
>> [11:27] <benoitc> that would solve the need of a proxy for some uses I guess
>> [11:27] <benoitc> with a default virtualhost to nothing
>> [11:28] <benoitc> (or an info page)
>> [11:28] <davisp> Oh, maybe that's a better config options,
>> "defualt_vhost" like most web servers use
>> [11:28] <benoitc> yes right
>> [11:30] <benoitc> mmm i could implement that anything against ?
>> [11:32] <davisp> Sounds like a question for dev@
>
> Thanks. :)
>
>
>> I don't think this discussion should have anything to do with
>> security. A rewrite/vhost configuration is not a substitute for a
>> proper security system.
>
> Exactly. Hence advertising it for "hiding the API" makes me feel
> uncomfortable.
>
I didn't speak about security. also hiding != not exposing. goals
could be different ;)

- benoit

Mime
View raw message