couchdb-dev mailing list archives

From Jan Lehnardt <...@apache.org>
Subject Re: CouchDB in the cloud - security assessment from dev team?
Date Tue, 23 May 2017 14:16:00 GMT
Heya Paul,

all good questions, I think you’d have to ask the Bitnami folks about this specifically,
or hire someone (*cough*) to make an external assessment.

Best
Jan
--

> On 23. May 2017, at 14:21, Paul Hammant <paul@hammant.org> wrote:
> 
> https://bitnami.com/stack/couchdb
> 
> One click* will get you a couch instance in Google or Amazon's infra. At
> least in Google's case they handle SSL off in the tier above ... but what
> else has been hardened about these?
> Does anyone know?
> Is there a couch_vulns.sh script one can run against a couch install to
> look for issues?
> 
> Although WannaCry was in the news last week, Couch was too in Jan -
> http://www.pcworld.com/article/3159527/security/attackers-start-wiping-data-from-couchdb-and-hadoop-databases.html
> ,
> https://lists.apache.org/thread.html/5bfd5b30613ac918276bab64a01f00cb451a19624a212b288ffe43b5@%3Cdev.couchdb.apache.org%3E
> and a consequential blog entry from this group that I can't find right now.
> 
> - Paul
> 
> * not really one click, but close.

-- 
Professional Support for Apache CouchDB:
https://neighbourhood.ie/couchdb-support/

