On Mon, Mar 15, 2010 at 1:26 PM, Jan Lehnardt <jan@apache.org> wrote:
>
> On 15 Mar 2010, at 12:21, Paul Davis wrote:
>
>>> Apache CouchDB discussions must happen on a mailing list.
>>
>> Hence, this thread. XD
>>
>> [11:25] <benoitc> mmmm
>> [11:26] <benoitc> about Host header and vhost
>> [11:26] <benoitc> couldn't we simply forbid messages without Host ?
>> [11:26] <davisp> benoitc: sounds like a config option
>> [11:26] <benoitc> yup
>> [11:27] <benoitc> that would solve the need of a proxy for some uses I guess
>> [11:27] <benoitc> with a default virtualhost to nothing
>> [11:28] <benoitc> (or an info page)
>> [11:28] <davisp> Oh, maybe that's a better config options,
>> "defualt_vhost" like most web servers use
>> [11:28] <benoitc> yes right
>> [11:30] <benoitc> mmm i could implement that anything against ?
>> [11:32] <davisp> Sounds like a question for dev@
>
> Thanks. :)
>
>
>> I don't think this discussion should have anything to do with
>> security. A rewrite/vhost configuration is not a substitute for a
>> proper security system.
>
> Exactly. Hence advertising it for "hiding the API" makes me feel
> uncomfortable.

Indeed. Perhaps just calling it what it is might be best. To me it
clicked when I thought about it in terms of web server configurations.

> Cheers
> Jan
> --
>
>