couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Samuel Williams <space.ship.travel...@gmail.com>
Subject Re: CouchDB no authentication when connecting via localhost
Date Fri, 28 Oct 2016 22:41:51 GMT
Thanks for the quick reply.

Can you elaborate why this isn't recommended?

The alternative is embedding usernames and passwords somewhere in the
front-end app, or container, or elsewhere..

In comparison to MySQL, it might be less secure.. since in theory with
MySQL, you can limit access to localhost for specific users, but this
doesn't appear possible with CouchDB, so if someone got the
credentials, it would be game over if the server has any kind of
publicly visible CouchDB (which would be the norm for a global
cluster) instance.

The model that feels good to me, is to have completely open access via
a socket or localhost, and then a public API protected by a
public/private key and an iptables rule. But this might not fit well
with CouchDB?

Thanks
Samuel

On 29 October 2016 at 02:52, Jan Lehnardt <jan@apache.org> wrote:
> This is not recommended.
>
> Best
> Jan
> --
>
>> On 28 Oct 2016, at 14:40, Samuel Williams <space.ship.traveller@gmail.com>
wrote:
>>
>> Is this possible? Desirable? We use this model when deploying MySQL
>> and it works very well.
>
> --
> Professional Support for Apache CouchDB:
> https://neighbourhood.ie/couchdb-support/
>

Mime
View raw message