couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giovanni Lenzi <g.le...@smileupps.com>
Subject CouchDB secure even withouth a proxy
Date Fri, 08 May 2015 16:10:03 GMT
Hi everyone,

I would like to write down some ideas I had, because there is high
probability I'm going to forgot them soon :)

This idea targets a secure use of CouchDB, even when you don't have a proxy
in front of it.

Given that:
1. the main security concern in the past was related to accessing couchdb
root directly, which allowed access to _all_docs, _changes, _all_dbs or
others global and db handlers
2. ddocs rewriting rules can be used fairly well to implement security,
selectively preventing access to any kind of handler

I am asking myself if, in the event the developer wants to access his
instance through a "vhost/url rewriting document", is it possible to
prevent any request with a wrong header? Where wrong header could be
translated both in "host header not specified" or "specified header is not
included in vhost configuration section"

Maybe a "default vhost path" variable (initially defaulting to "/" or
empty) could be used as default "url rewriting document path" in case of
wrong Host headers?

Will this address the purpose above? Is it possible to implement?

-- 
Giovanni Lenzi
www.smileupps.com
Smileupps Cloud App Store

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message