couchdb-user mailing list archives

From Sho Fukamachi <sho.fukama...@gmail.com>
Subject Re: Security via probability
Date Wed, 08 Oct 2008 01:04:36 GMT

On 08/10/2008, at 11:16 AM, Ayende Rahien wrote:

> Really bad idea. Security through obscurity is no security. I can listen on
> the network and see what kind of requests are made, for example.

All security is via some sort of obscurity, be it obfuscated URLs,  
passwords, a challenge response or the location of bumps on a key. The  
only thing that differs is how hard it is to get that information.  
Obviously having a properly secure session provide authentication is  
the ideal, but I can think of many cases where a nearly unguessable  
URL is plenty.

Funny this came up, I've had an email in my drafts folder for a couple  
of weeks asking for some basic "security via obscurity" features for  
similar purposes. I thought I'd wait until I'd decided exactly what I  
wanted, but since it's come up ...

[from another reply]

On 08/10/2008, at 10:54 AM, Matthew King wrote:

> Block requests to the all docs query, and you have the beginnings of a
> capability system.


Not just that. You'll need a few more as well:

- ability to turn off all "write" access for a non-local IP  
(especially post new views!)
- block meta functionality like all_docs, all_dbs,  _utils, and  
replication for non-local IPs
- set a limit on how many 404s could be served to a specific IP before  
a timeout period began

and I'm sure there are more.

I'm aware that by proxying through another server like Apache or  
Nginx, applying various rules or what not to stop those administrative
views being accessed. But the thing is, CouchDB already has a very  
capable web server built in. All other things being equal, I'd like to  
just have it serve the documents (well, attachments, I'm mainly  
talking about) natively....

Sho
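
The three restrictions listed in the message above, sketched as a request filter. This is an added example, not part of the original message and not CouchDB code; the class name `RequestGate`, the 404 limit and timeout values, the `_replicate` path name for replication, and treating "local" as loopback only are all assumptions made for illustration.

```python
import ipaddress
import time
from collections import defaultdict
from urllib.parse import unquote

# Assumed values; the message names no numbers.
MAX_404S = 20          # 404s allowed per IP before the timeout starts
TIMEOUT_SECONDS = 300  # length of the timeout period
META_SEGMENTS = {"_all_docs", "_all_dbs", "_utils", "_replicate"}
READ_METHODS = {"GET", "HEAD"}


class RequestGate:
    """Hypothetical front-end filter applying the three listed rules."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.misses = defaultdict(int)  # ip -> 404 count so far
        self.blocked_until = {}         # ip -> time the timeout ends

    @staticmethod
    def is_local(ip):
        # Assumption: "local" means loopback only.
        return ipaddress.ip_address(ip).is_loopback

    def check(self, ip, method, path):
        """Return (allowed, reason) for one incoming request."""
        if self.is_local(ip):
            return True, "local"
        if self.blocked_until.get(ip, 0) > self.clock():
            return False, "timeout after too many 404s"
        if method.upper() not in READ_METHODS:
            return False, "write from non-local IP"
        # Decode before matching so %5Fall_docs cannot slip past the filter.
        raw_path = path.split("?", 1)[0]
        segments = [unquote(s) for s in raw_path.split("/") if s]
        if any(s in META_SEGMENTS for s in segments):
            return False, "meta endpoint from non-local IP"
        return True, "ok"

    def record_status(self, ip, status):
        """Call once the response status is known; counts 404s per IP."""
        if status != 404 or self.is_local(ip):
            return
        self.misses[ip] += 1
        if self.misses[ip] >= MAX_404S:
            self.blocked_until[ip] = self.clock() + TIMEOUT_SECONDS
            self.misses[ip] = 0
```

The 404 counter is what keeps guessing at unguessable URLs expensive: each wrong guess from a non-local address moves that address closer to the timeout.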
