couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giovanni Lenzi <>
Subject CouchDB secure even withouth a proxy
Date Fri, 08 May 2015 16:10:03 GMT
Hi everyone,

I would like to write down some ideas I had, because there is high
probability I'm going to forgot them soon :)

This idea targets a secure use of CouchDB, even when you don't have a proxy
in front of it.

Given that:
1. the main security concern in the past was related to accessing couchdb
root directly, which allowed access to _all_docs, _changes, _all_dbs or
others global and db handlers
2. ddocs rewriting rules can be used fairly well to implement security,
selectively preventing access to any kind of handler

I am asking myself if, in the event the developer wants to access his
instance through a "vhost/url rewriting document", is it possible to
prevent any request with a wrong header? Where wrong header could be
translated both in "host header not specified" or "specified header is not
included in vhost configuration section"

Maybe a "default vhost path" variable (initially defaulting to "/" or
empty) could be used as default "url rewriting document path" in case of
wrong Host headers?

Will this address the purpose above? Is it possible to implement?

Giovanni Lenzi
Smileupps Cloud App Store

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message