From: Adam Wolff
To: user@couchdb.apache.org
Date: Mon, 19 Oct 2009 17:26:24 -0700
Subject: Re: Couchdb with OpenSSO

On Mon, Oct 19, 2009 at 10:09 AM, Jesse Hallett wrote:

> Do you mean that users could bypass Apache by accessing CouchDB directly?
> For example, by connecting to port 5984? If that is the problem you should
> configure CouchDB to bind to the local interface so that it refuses
> connections from other machines.

Or even easier just configure ipchains to firewall all but port 80 for external connections.

A
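
A check for the bind-to-loopback setup discussed in this thread, added here as an example and not part of the original messages: it reads Linux `ss -ltn` output and reports any listener on the CouchDB port (5984) that is bound to something other than loopback. The function names and the sample lines are constructed for illustration; it inspects socket bindings only and says nothing about firewall rules.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the column layout of
# Linux iproute2 `ss -ltn`: State Recv-Q Send-Q Local:Port Peer:Port

# Print every LISTEN socket on the given port (default 5984) whose local
# address is not loopback. Reads `ss -ltn` output on stdin.
exposed_listeners() {
    port="${1:-5984}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4
            # Split host and port at the final colon, so that
            # [::1]:5984 and 0.0.0.0:5984 are both handled.
            if (!match(addr, /:[0-9]+$/)) next
            p    = substr(addr, RSTART + 1)
            host = substr(addr, 1, RSTART - 1)
            if (p != port) next
            # 127.0.0.0/8 and ::1 are reachable only from this machine.
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# Succeed only when no non-loopback listener exists on the port.
couchdb_bind_ok() {
    [ -z "$(exposed_listeners "${1:-5984}")" ]
}

# Constructed sample: CouchDB bound to all interfaces behind Apache on 80.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:5984 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::1]:5984 [::]:*'

# Constructed sample: CouchDB bound to the local interface only.
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:5984 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

printf 'exposed sample:  '
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_listeners 5984
printf 'loopback sample: '
if printf '%s\n' "$SAMPLE_LOOPBACK" | couchdb_bind_ok 5984; then
    echo "ok, loopback only"
else
    echo "exposed"
fi
```

On a live host the same check is `ss -ltn | couchdb_bind_ok 5984`; a non-zero exit means port 5984 is listening on an address other machines can reach unless a firewall blocks it.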