couchdb-marketing mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: SmileUpps Features (Was: How do CouchApps fit into the CouchDB story? (Was: CouchDB Articles, Pills and Tutorials Ideas))
Date Tue, 05 May 2015 15:09:21 GMT

> On 05 May 2015, at 16:36, Giovanni Lenzi <g.lenzi@smileupps.com> wrote:
> 
>> otherwise, again, the system is insecure (I helped build it that way).
> To tell the truth, with handlers renaming or as soon as an attacker doesn't
> know your db name, the system can still be secured withouth any proxy. However,
> if proxy is really a concern, a fix to use CouchDB only, could eventually
> be creating a new "default _rewrite path" parameter within couchdb
> configuration, to be used as "default path" in case of request without or
> with an incorrect "Host Header"
> 
> Jan, trust me... All I'm doing here is to bring help with marketing,
> tutorials and CouchDB improvements... I hope this can be recognized

No worries, I 100% recognise your efforts.

Thank you for being patient with me.

My only concern was with understanding how your particular flavour of CouchApp
works and I think I found a massive security concern. That’s why I won’t be
advocating for this particular solution (not saying it can’t be, but it isn’t
today).

With that out of the way, let’s get back to the story part of this discussion.

Thanks
Jan
--


> 
> 
> 2015-05-05 15:57 GMT+02:00 Jan Lehnardt <jan@apache.org>:
> 
>> 
>>> On 05 May 2015, at 15:50, Giovanni Lenzi <g.lenzi@smileupps.com> wrote:
>>> 
>>>> CouchDB has no way of blocking requests to _changes that have no filter
>>> parameter
>>> Why? _rewrite handler is used to allow only requests complying with your
>>> api, and therefore preventing requests to changes withouth a filter. You
>>> can have a look to rewrites.json file for this.
>>> 
>>> I agree proxy is a best practice as a load balancer and to forward only
>>> requests to allowed vhosts, like Smileupps, Iriscouch or Cloudant all are
>>> doing, even if it's not strictly mandatory for security.
>>> 
>>> Anyway, I was not interested here, in raising this kind of technical
>>> discussion. My starting e-mail only wanted to be constructive, by
>> proposing
>>> a way to push content around CouchDB and Couchapps, to help everyone
>>> understand what they really can and cannot do.
>> 
>> I’m sorry to derail this, but I want to make sure I understand your system
>> before I can argue for or against your claims :)
>> 
>> Your point that CouchApps can be a platform is well taken, thank you for
>> that!
>> 
>> You equally can’t force a client to use a _request handler, only if you
>> block requests without a Host: header in a proxy in front of CouchDB,
>> otherwise, again, the system is insecure (I helped build it that way).
>> 
>> Best
>> Jan
>> --
>> 
>> 
>>> 
>>> 
>>> 2015-05-05 15:21 GMT+02:00 Jan Lehnardt <jan@apache.org>:
>>> 
>>>> 
>>>>> On 05 May 2015, at 15:14, Giovanni Lenzi <g.lenzi@smileupps.com>
>> wrote:
>>>>> 
>>>>>> That happens in a proxy outside of CouchDB then?
>>>>> 
>>>>> No, it happens in the changes filter of the design document.
>>>> 
>>>> You cannot force a client to use a filter. CouchDB has no way of
>> blocking
>>>> requests to _changes that have no filter parameter. If you are not doing
>>>> that in a proxy, your system is not secure.
>>>> 
>>>> Best
>>>> Jan
>>>> --
>>>> Professional Support for Apache CouchDB:
>>>> http://www.neighbourhood.ie/couchdb-support/
>>>> 
>>>> 
>> 
>> --
>> Professional Support for Apache CouchDB:
>> http://www.neighbourhood.ie/couchdb-support/
>> 
>> 

-- 
Professional Support for Apache CouchDB:
http://www.neighbourhood.ie/couchdb-support/


Mime
View raw message