Subject: Re: default vhost config option
From: Benoit Chesneau
To: dev@couchdb.apache.org
Date: Mon, 15 Mar 2010 17:24:45 +0100

On Mon, Mar 15, 2010 at 5:15 PM, Chris Anderson wrote:
> On Mon, Mar 15, 2010 at 10:52 AM, Benoit Chesneau wrote:
>> Hi all,
>>
>> Like discussed on irc, I would propose to add a default vhost option to couchdb:
>>
>> - it solves the problem when someone connects to CouchDB without a host header
>> - it allows someone to not expose the whole api of CouchDB using the rewriter.
>>
>
> As long as we are discussing security, we should think about this:
> It'd be nice to be able to "sandbox" _design documents to a given
> database (the one they are hosted in.) One way to do this is with a
> vhost rule that says mydb.mycouch.com may only make requests within
> /mydb/
>
> How to implement this is a bit tougher. Do we do path-based
> restrictions (after all rewrite rules have been applied)? Do we
> restrict the rewriter's ability to use ../../.. constructs so that it
> must stay within its own database?

This is needed if you want to have a _replicate handler at app level though. But I don't see the need to restrict on this side, you look in the wrong way. IMO we should restrict external calls, not internals. It could be done like I do on couchdbproxy (this version and the one coming). couchdbproxy takes all asks from this patch and uses it as prefix for all locations. Internally you can still rewrite, but what a user will show is only locations prefixed by somepath/.

>
> This stuff is crucial for security, as people will be replicating
> around random applications, and we don't want some spyware app to have
> access to the database which hosts your financial information.

There are other problems for that and maybe I missed some commit. I think about the possibility to read the users db or maybe I missed a commit. Is there a handler like _security to create a user?
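A worked illustration of the post-rewrite, path-based restriction Chris raises in the quoted text, as an added example that is not part of this thread or of CouchDB's own code: a hypothetical `confine_to_db` check resolves the path a vhost rewriter would emit (`..` segments, percent-encoded dots) and rejects anything that lands outside the vhost's own database. The function names and the sample rewrites are constructed for the example.

```python
from urllib.parse import unquote


def normalize_path(path: str) -> str:
    """Resolve '.', '..' and percent-encoded segments into one canonical absolute path."""
    # Drop any query string; only the path decides which database is touched.
    path = path.split("?", 1)[0]
    # Decode exactly once, as the server would, so %2e%2e cannot hide a '..' segment.
    resolved = []
    for seg in unquote(path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if resolved:
                resolved.pop()
            continue
        resolved.append(seg)
    return "/" + "/".join(resolved)


def confine_to_db(rewritten_path: str, db_name: str) -> bool:
    """True only if the rewritten request stays inside /<db_name>/ (or is /<db_name> itself)."""
    prefix = "/" + db_name
    resolved = normalize_path(rewritten_path)
    # Compare on whole segments: '/mydbevil/...' must not pass as '/mydb...'.
    return resolved == prefix or resolved.startswith(prefix + "/")


# Constructed sample rewrites, paired with the verdict a vhost for mydb.mycouch.com should give.
SAMPLE_REWRITES = {
    "/mydb/_design/app/_view/by_date": True,          # normal app request
    "/mydb": True,                                    # the database itself
    "/mydb/_design/app/../../../_all_dbs": False,     # climbs out of /mydb/
    "/mydb/docs/%2e%2e/%2e%2e/_users": False,         # same climb, percent-encoded
    "/mydbevil/doc": False,                           # prefix collision on another db
}


def check_samples(db_name: str = "mydb") -> dict:
    """Run the check over every constructed sample; result maps each path to its verdict."""
    return {p: confine_to_db(p, db_name) for p in SAMPLE_REWRITES}
```

The check runs on the path after all rewrite rules have applied, so rules inside the design document may still use `..` freely, while the request that finally reaches the database handler cannot leave its own database.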