couchdb-user mailing list archives

From Chris Anderson <jch...@apache.org>
Subject Re: Common security pattern?
Date Sun, 03 Jan 2010 19:13:25 GMT
On Sun, Jan 3, 2010 at 10:13 AM, Karel Minařík <karel.minarik@gmail.com> wrote:
> Hi,
>
>> On Jan 3, 2010, at 6:31 AM, Paweł Stawicki <pawelstawicki@gmail.com>
>>>
>>> It is inevitable that if DB is accessible in the internet, everyone
>>> can edit/add/delete documents. After all, this is what I want. But I
>>> don't want to allow deletion of whole database. Or access to other
>>> databases on the same CouchDB server.
>
>>> Even if I can prevent deletion of whole database, I can't prevent
>>> deletion of single documents, and malicious user could delete them one
>>> by one.
>
>>> So in a nutshell, I have questions:
>>> 1. Is it possible to prevent deletion of database?
>>> 2. Is it possible to prevent deletion of documents? Or, even better...
>>> 3. ...is it possible to limit number of deleted documents for specific
>>> IP for time unit. E.g. one document deletion per minute?
>
> I am quite green in this area, but I've been thinking a bit about this
> lately and IMHO you can do several things:
>
> First, you can hook up your application with some reverse-proxy, as Sean
> Hess advised. This way you can expose only the URL to one database (and
> possibly to the _design/myapp document, so you get nicer URLs). In Nginx,
> you'd do something like this: http://gist.github.com/268061, it would be
> very similar in Apache. This way, you're not exposing the whole couch, but
> only that specific database, restricting the access.
>
> Then, you can implement basic authentication
> [http://books.couchdb.org/relax/reference/security], which basically will
> disallow anyone from creating/deleting design docs and other stuff (see the relax
> book for listing.) Anyone unauthorized can still create/update/delete
> "regular" documents, which is what you want.
>
> Then again, you can restrict deleting/updating/etc docs to the user who
> originally created those (which is basically what @jchrisa's sofa does, see
> http://github.com/jchris/sofa/blob/master/validate_doc_update.js#L12-14), or
> disallow deleting docs entirely (again see @jchrisa's toast,
> http://github.com/jchris/toast/blob/master/validate_doc_update.js#L10-14).
> (In a Wiki, it could make sense to disallow deleting docs, unless
> authorized, etc)
>
> I am not sure how to limit number of deletions per IP+time, unless you have
> some authentication info about the user...
>

Everything except the throttling of deletes for a given user should be
easy to do natively with CouchDB.

Only admins can create and destroy DBs, install design docs, etc.

If you want to see a preview of the new login feature, it's available
at http://github.com/jchris/couchdb/tree/account

See the bottom right hand corner of Futon. Comments/patches very welcome!

I plan to merge it to trunk before 0.11 release, so it should be a
viable option for new apps.

Chris


-- 
Chris Anderson
http://jchrisa.net
http://couch.io
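As an added example (not code from this thread, nor from sofa or toast), here is a validate_doc_update function in the shape CouchDB design documents use, combining the two patterns Karel points at: deletions are refused unless the requester is an admin, and updates to an existing document are only accepted from the user recorded as its author. The `author` field name and the `userCtx` shape (`name`, `roles`, with `_admin` marking admins) are assumptions of this example; CouchDB rejects the write when the function throws an object with a `forbidden` or `unauthorized` key.

```javascript
// validate_doc_update for a CouchDB design document (added example).
// CouchDB calls it as validate_doc_update(newDoc, oldDoc, userCtx); a thrown
// {forbidden: ...} becomes HTTP 403, {unauthorized: ...} becomes HTTP 401.
function validate_doc_update(newDoc, oldDoc, userCtx) {
  var isAdmin = userCtx.roles.indexOf('_admin') !== -1;

  // Pattern 1 (toast-style): nobody but an admin may delete a document,
  // so a malicious client cannot empty the database one doc at a time.
  if (newDoc._deleted === true) {
    if (!isAdmin) throw { forbidden: 'Only an admin may delete documents.' };
    return;
  }

  // Anonymous writers get 401 rather than 403 so a client can prompt to log in.
  if (!userCtx.name) throw { unauthorized: 'Please log in first.' };

  // Admins may create or edit anything.
  if (isAdmin) return;

  // The author field must be the logged-in user, so it cannot be spoofed.
  if (newDoc.author !== userCtx.name) {
    throw { forbidden: 'author must match the logged-in user.' };
  }

  // Pattern 2 (sofa-style): an existing document may only be updated by
  // the user who originally created it.
  if (oldDoc && oldDoc.author !== userCtx.name) {
    throw { forbidden: 'Only the original author may edit this document.' };
  }
}

// Helper, not part of the design doc: runs the validator and returns the
// outcome the way CouchDB would see it (null = accepted, else the thrown object).
function check(newDoc, oldDoc, userCtx) {
  try { validate_doc_update(newDoc, oldDoc, userCtx); return null; }
  catch (e) { return e; }
}

// Constructed sample user contexts and documents for a stand-alone run.
var alice = { name: 'alice', roles: [] };
var bob   = { name: 'bob',   roles: [] };
var admin = { name: 'root',  roles: ['_admin'] };
var anon  = { name: null,    roles: [] };
var post  = { _id: 'p1', author: 'alice', body: 'hello' };

console.log(check(post, null, alice));                            // null (accepted)
console.log(check({ _id: 'p1', author: 'bob' }, post, bob));       // forbidden
console.log(check({ _id: 'p1', _deleted: true }, post, alice));    // forbidden
console.log(check({ _id: 'p1', _deleted: true }, post, admin));    // null (accepted)
console.log(check({ _id: 'p2', author: 'mallory' }, null, anon));  // unauthorized
```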
