couchdb-marketing mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Garren Smith <gar...@apache.org>
Subject Re: 154 million voter records
Date Fri, 24 Jun 2016 10:59:08 GMT
Would anyone be interested in writing a blog post on how to secure your
CouchDB instance as well as how some of the new CouchDB 2.0 features will
help with this issue?

On Fri, Jun 24, 2016 at 8:53 AM, Javier Candeira <javier@candeira.com>
wrote:

> We should publish it, maybe not in the CouchDB in the wild, but certainly
> in
> the weekly blog post, as a cautionary tale.
>
> It's not only a measure of honesty but, as Andy says, a service to present
> and potential CouchDB users.
>
> If the story serves to have one CouchDB admin check whether their install
> is
> insecure and fix any problems, it will have helped.
>
> My 2 cents,
>
> JC
>
> On 24/06/16 16:44, Andy Wenk wrote:
> > That brings me to the point, that we do not have a CouchDB in the wild
> section here:
> >
> > https://cwiki.apache.org/confluence/display/COUCHDB/Planet+CouchDB
> >
> > @Alex - can you remember, where we wanted to put articles like that to?
> >
> > Answering the question if we should add the article at all: yes we
> should. Even though it is really unfortunate what happened,
> > it is a fact, that this is possible. But to take the good things out of
> this, we will help users avoid such disasters with 2.0
> > by setting admin party off by default. That’s the story we should tell
> ...
> >
> > All the best
> >
> > Andy
> >
> > --
> > Andy Wenk
> > RockIt!
> >
> > Hamburg / Germany
> >
> > GPG public key:
> https://pgp.mit.edu/pks/lookup?op=get&search=0x4F1D0C59BC90917D
> >
> >> On 23 Jun 2016, at 15:55, Reddy B. <reddy.b@live.fr> wrote:
> >>
> >> Yea that's the only positive... Now the nasty thing would be to add
> them to the CouchDb in the Wild Page. Even though it's literally in the
> wild here
> >>
> >>> From: kxepal@gmail.com
> >>> Date: Thu, 23 Jun 2016 16:49:42 +0300
> >>> Subject: Re: 154 million voter records
> >>> To: dev@couchdb.apache.org
> >>>
> >>> Finally we are sure that CouchDB is used for really big data in the
> wild (:
> >>> --
> >>> ,,,^..^,,,
> >>>
> >>>
> >>> On Thu, Jun 23, 2016 at 4:34 PM, Jan Lehnardt <jan@apache.org> wrote:
> >>>> Link here:
> http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml
> >>>>
> >>>> All the more reason to get 2.0 out which has admin-party off by
> default, and to switch to private-by-default databases soon after.
> >>>>
> >>>> Best
> >>>> Jan
> >>>> --
> >>>>
> >>>>> On 23 Jun 2016, at 15:31, Paul Hammant <paul@hammant.org>
wrote:
> >>>>>
> >>>>> It's in the news today. Multiple news sites incl. slashdot.
> >>>>>
> >>>>> Someone deployed couchdb on its default port - 5984 or w/o a strong
> ssl & auth design.  Maybe.
> >>>>>
> >>>>> Sent from my iPhone
> >>>>
> >>>> --
> >>>> Professional Support for Apache CouchDB:
> >>>> https://neighbourhood.ie/couchdb-support/
> >>>>
> >>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message