couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Shorin <kxe...@gmail.com>
Subject Re: Admin party considered harmful
Date Sun, 17 Apr 2016 07:09:47 GMT
Hi Paul!

Yes, Admin Party is harmful and must be fixed if your CouchDB gain
access not only from localhost. There are no doubts on that.

CouchDB 2.0 will force you to fix it if you're going to setup a cluster.
--
,,,^..^,,,


On Sun, Apr 17, 2016 at 6:09 AM, Paul Hammant <paul@hammant.org> wrote:
> (Cultural ref: https://en.wikipedia.org/wiki/Considered_harmful)
>
> So AdminParty is fun for there 2 minute "hey this stuff is great" tour of
> CouchDB, but it leaves me (and others) worried that we don't know the 52
> specialist knowledge things to do to lock down a couch install completely.
> You know: 443-only, a top-level administrator, sub administrators, regular
> accounts, different read vs write permissions, etc etc. We can't imagine
> going live with a CouchDB solution without that, and it makes us think we
> should look for other technologies when there is no cohesive 100% dev-team
> endorsed page on how to close down the party once and for all. Sooooo - *if
> that page exists, I can't find it*.  Is the comummunity even in agreement -
> is it changes to default.ini, local.ini (server side), or is it a series of
> curl statements over the wire (and why)?
>
> - Paul

Mime
View raw message