Return-Path: 
 <dev-return-46045-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-dev-archive@www.apache.org
Delivered-To: apmail-couchdb-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id EBE0318768
	for <apmail-couchdb-dev-archive@www.apache.org>;
 Sun, 17 Apr 2016 12:24:44 +0000 (UTC)
Received: (qmail 32852 invoked by uid 500); 17 Apr 2016 12:24:39 -0000
Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org
Received: (qmail 32787 invoked by uid 500); 17 Apr 2016 12:24:39 -0000
Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@couchdb.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@couchdb.apache.org>
List-Post: <mailto:dev@couchdb.apache.org>
List-Id: <dev.couchdb.apache.org>
Reply-To: dev@couchdb.apache.org
Delivered-To: mailing list dev@couchdb.apache.org
Received: (qmail 32773 invoked by uid 99); 17 Apr 2016 12:24:39 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO
 spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 17 Apr 2016 12:24:39 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org)
 with ESMTP id 1B197C1BED
	for <dev@couchdb.apache.org>; Sun, 17 Apr 2016 12:24:39 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1
X-Spam-Level: *
X-Spam-Status: No, score=1 tagged_above=-999 required=6.31
	tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_NONE=-0.0001]
	autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new,
 port 10024)
	with ESMTP id m2xNAldIjheN for <dev@couchdb.apache.org>;
	Sun, 17 Apr 2016 12:24:37 +0000 (UTC)
Received: from monoceres.uberspace.de (monoceres.uberspace.de
 [95.143.172.184])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS
 id 93C665F238
	for <dev@couchdb.apache.org>; Sun, 17 Apr 2016 12:24:36 +0000 (UTC)
Received: (qmail 18528 invoked from network); 17 Apr 2016 12:24:30 -0000
Received: from localhost (HELO ?10.0.0.11?) (127.0.0.1)
  by monoceres.uberspace.de with SMTP; 17 Apr 2016 12:24:30 -0000
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: Admin party considered harmful
From: Jan Lehnardt <jan@apache.org>
In-Reply-To: 
 <CA+298UiL1VQcZ70ARrj4gOOko32=D6=Bi9Ymui-c9cmdFgmKwA@mail.gmail.com>
Date: Sun, 17 Apr 2016 14:24:27 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <F334B028-269A-41D4-9E36-C5845D492EBF@apache.org>
References: 
 <CA+298UiL1VQcZ70ARrj4gOOko32=D6=Bi9Ymui-c9cmdFgmKwA@mail.gmail.com>
To: dev@couchdb.apache.org
X-Mailer: Apple Mail (2.3124)


> On 17 Apr 2016, at 05:09, Paul Hammant <paul@hammant.org> wrote:
>=20
> (Cultural ref: https://en.wikipedia.org/wiki/Considered_harmful)
>=20
> So AdminParty is fun for there 2 minute "hey this stuff is great" tour =
of
> CouchDB, but it leaves me (and others) worried that we don't know the =
52
> specialist knowledge things to do to lock down a couch install =
completely.
> You know: 443-only, a top-level administrator, sub administrators, =
regular
> accounts, different read vs write permissions, etc etc. We can't =
imagine
> going live with a CouchDB solution without that, and it makes us think =
we
> should look for other technologies when there is no cohesive 100% =
dev-team
> endorsed page on how to close down the party once and for all. Sooooo =
- *if
> that page exists, I can't find it*.


> Is the comummunity even in agreement - is it changes to default.ini, =
local.ini
> (server side), or is it a series of curl statements over the wire (and =
why)?

No need to be snide about this. A =E2=80=9CWhy are there two ways to =
configure
CouchDB?=E2=80=9D would have sufficed.

CouchDB has a config system. It is persisted in two .ini files. You can
change settings by editing local.ini and [re]starting CouchDB or without
restarting CouchDB using curl. The latter is rather beneficial in =
production
systems that don=E2=80=99t want to incur downtimes.

Changes done at runtime are stored in local.ini. When you install a =
newer
version of CouchDB new config variables can appear in default.ini. If =
the
install procedure finds an existing local.ini it will not replace it, so
local changes (hence the name) survive software upgrades.

As Bob pointed out, there is a security consideration with ini vs. curl:

If you were to start a CouchDB instance and then add an administrator =
via
curl, there is an ever so slight chance that someone else gets there =
before
you. The exact scenario is somewhat convoluted, so I won=E2=80=99t bore =
you with it.
Suffice it to say, creating an admin in local.ini before the first =
launch
of CouchDB completely avoids said issue.

* * *

If you don=E2=80=99t feel confident using CouchDB then I suggest you =
look for
alternative technology, or ask someone nicely to explain this to you,
but pressuring the dev team with an somewhat insulting email is not
appreciated here. Again, a =E2=80=9CI find the security system poorly =
documented,
can someone explain this to me?=E2=80=9D would have been much more =
productive.


Best
Jan
--
Apache CouchDB PMC Chair
http://couchdb.apache.org/conduct.html