Return-Path: 
 <dev-return-46043-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-dev-archive@www.apache.org
Delivered-To: apmail-couchdb-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 66C341817C
	for <apmail-couchdb-dev-archive@www.apache.org>;
 Sun, 17 Apr 2016 07:10:02 +0000 (UTC)
Received: (qmail 76865 invoked by uid 500); 17 Apr 2016 07:09:56 -0000
Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org
Received: (qmail 76787 invoked by uid 500); 17 Apr 2016 07:09:56 -0000
Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@couchdb.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@couchdb.apache.org>
List-Post: <mailto:dev@couchdb.apache.org>
List-Id: <dev.couchdb.apache.org>
Reply-To: dev@couchdb.apache.org
Delivered-To: mailing list dev@couchdb.apache.org
Received: (qmail 76775 invoked by uid 99); 17 Apr 2016 07:09:56 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
 spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 17 Apr 2016 07:09:56 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org)
 with ESMTP id D9E9718002D
	for <dev@couchdb.apache.org>; Sun, 17 Apr 2016 07:09:55 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.802
X-Spam-Level: 
X-Spam-Status: No, score=-0.802 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001]
	autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx2-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new,
 port 10024)
	with ESMTP id Oyj_DMj3JtGk for <dev@couchdb.apache.org>;
	Sun, 17 Apr 2016 07:09:53 +0000 (UTC)
Received: from mail-io0-f180.google.com (mail-io0-f180.google.com
 [209.85.223.180])
	by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS
 id 9058D5FACA
	for <dev@couchdb.apache.org>; Sun, 17 Apr 2016 07:09:53 +0000 (UTC)
Received: by mail-io0-f180.google.com with SMTP id 2so170158422ioy.1
        for <dev@couchdb.apache.org>; Sun, 17 Apr 2016 00:09:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to;
        bh=S2m8ZjzB0+Bzxm58PZXhCUKYRXkwvooWUAj30ysteSE=;
        b=oYDKzqCx/0G+cMIRC/nSvku1yMaPl/KP60geTb7ZgHNki1Hk+8Dc6wAP5R7qVJlZC7
         BuTPYaGgV+MZc/VL5glW6uGLaET7/reTjaq/DfXb8Em/bHPkg2B0bbhiaNlg4nUYkT/j
         SN/D53+sHgO8IH7VxEky5YR7WttWrGa00gXig7FLd5a2A9EZJPYZydm+wc7cbSUayc9Z
         yYkvwKD/A1olGC8NQsLspzSqbyg6nW6bg/9w/y5uljOYWkH4yPjAyEQkgI61lqhTBeT3
         E/cjT1uMoU9g+IrRtosHTZbkqFsjU30E5EdOFDd4kgQhexYhhv7AgKNINxJ10s2/+F1i
         ekbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to;
        bh=S2m8ZjzB0+Bzxm58PZXhCUKYRXkwvooWUAj30ysteSE=;
        b=bgZK25GsUDjArTnygi4tCh6NL2hxYhdlYVmXsVCQ91N/P+bIAkL7+CJR0FFs047yK1
         GFAFVhpT6+p16MCFV9bHXcboKDBBRAZW4ghBgWrjUTqIxuPLjQQ75WH40nuCfZdNCOVr
         suK4YfrsvZPXUq+QlGsWtmHuoF5K6Nk5BJ/5A1h+PYFOq1csO8KQkcc64KvJXzeMRa4/
         DlDvkYRFTIomA4bZAVj+s9ZFP6dsZ5nk20leXC/ds7eWP5MGBGGM75mHZMUcOWQJaUJa
         d1yeJx1El7tKQDPV2BOTCoDtoH9369E9LTcb04F7gnbhOQ/zJUqqNb8c0Q2McIWRK2VN
         iisw==
X-Gm-Message-State: 
 AOPr4FWA+Y0k1jt2Yh+mPhatY1Fk4obI+rZ5s3fnQL011U59vgA+a4lGqYCG0uwLefiHTV5835gDNCKHWaGo7Q==
MIME-Version: 1.0
X-Received: by 10.107.184.8 with SMTP id i8mr30363365iof.96.1460876987088;
 Sun, 17 Apr 2016 00:09:47 -0700 (PDT)
Received: by 10.36.218.67 with HTTP; Sun, 17 Apr 2016 00:09:47 -0700 (PDT)
In-Reply-To: 
 <CA+298UiL1VQcZ70ARrj4gOOko32=D6=Bi9Ymui-c9cmdFgmKwA@mail.gmail.com>
References: 
 <CA+298UiL1VQcZ70ARrj4gOOko32=D6=Bi9Ymui-c9cmdFgmKwA@mail.gmail.com>
Date: Sun, 17 Apr 2016 10:09:47 +0300
Message-ID: 
 <CAHdjip+Q-3oKfaJwuq004KFXaH_Jfp4NucexKD58PAYOgMKwZA@mail.gmail.com>
Subject: Re: Admin party considered harmful
From: Alexander Shorin <kxepal@gmail.com>
To: "dev@couchdb.apache.org" <dev@couchdb.apache.org>
Content-Type: text/plain; charset=UTF-8

Hi Paul!

Yes, Admin Party is harmful and must be fixed if your CouchDB gain
access not only from localhost. There are no doubts on that.

CouchDB 2.0 will force you to fix it if you're going to setup a cluster.
--
,,,^..^,,,


On Sun, Apr 17, 2016 at 6:09 AM, Paul Hammant <paul@hammant.org> wrote:
> (Cultural ref: https://en.wikipedia.org/wiki/Considered_harmful)
>
> So AdminParty is fun for there 2 minute "hey this stuff is great" tour of
> CouchDB, but it leaves me (and others) worried that we don't know the 52
> specialist knowledge things to do to lock down a couch install completely.
> You know: 443-only, a top-level administrator, sub administrators, regular
> accounts, different read vs write permissions, etc etc. We can't imagine
> going live with a CouchDB solution without that, and it makes us think we
> should look for other technologies when there is no cohesive 100% dev-team
> endorsed page on how to close down the party once and for all. Sooooo - *if
> that page exists, I can't find it*.  Is the comummunity even in agreement -
> is it changes to default.ini, local.ini (server side), or is it a series of
> curl statements over the wire (and why)?
>
> - Paul