couchdb-user mailing list archives

From Chris Anderson <>
Subject Re: Common security pattern?
Date Sun, 03 Jan 2010 19:13:25 GMT
On Sun, Jan 3, 2010 at 10:13 AM, Karel Minařík <> wrote:
> Hi,
>> On Jan 3, 2010, at 6:31 AM, Paweł Stawicki <>
>>> It is inevitable that if DB is accessible on the internet, everyone
>>> can edit/add/delete documents. After all, this is what I want. But I
>>> don't want to allow deletion of whole database. Or access to other
>>> databases on the same CouchDB server.
>>> Even if I can prevent deletion of whole database, I can't prevent
>>> deletion of single documents, and malicious user could delete them one
>>> by one.
>>> So in a nutshell, I have questions:
>>> 1. Is it possible to prevent deletion of database?
>>> 2. Is it possible to prevent deletion of documents? Or, even better...
>>> 3. Is it possible to limit number of deleted documents for specific
>>> IP for time unit. E.g. one document deletion per minute?
> I am quite green in this area, but I've been thinking a bit about this
> lately and IMHO you can do several things:
> First, you can hook up your application with some reverse-proxy, as Sean
> Hess advised. This way you can expose only the URL to one database (and
> possibly to the _design/myapp document, so you get nicer URLs). In Nginx,
> you'd do something like this:, it would be
> very similar in Apache. This way, you're not exposing the whole couch, but
> only that specific database, restricting the access.
> Then, you can implement basic authentication
> [], which basically will
> disallow anyone to create/delete design docs and other stuff (see the relax
> book for listing.) Anyone un-authorized can still create/update/delete
> "regular" documents, which is what you want.
> Then again, you can restrict deleting/updating/etc docs to the user who
> originally created those (which is basically what @jchrisa's sofa does, see
>, or
> disallow deleting docs entirely (again see @jchrisa's toast,
> (In a Wiki, it could make sense to disallow deleting docs, unless
> authorized, etc)
> I am not sure how to limit number of deletions per IP+time, unless you have
> some authentication info about the user...

Everything except the throttling of deletes for a given user should be
easy to do natively with CouchDB.

Only admins can create and destroy DBs, install design docs, etc.

If you want to see a preview of the new login feature, it's available

See the bottom right hand corner of Futon. Comments/patches very welcome!

I plan to merge it to trunk before 0.11 release, so it should be a
viable option for new apps.


Chris Anderson
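
The document-level rules discussed in this thread (no deletes except by admins, updates only by the user who originally created the document), sketched as a `validate_doc_update` function. This is an added example, not code from the thread, sofa or toast; the `author` field, the `checkWrite` helper and the sample users and documents are assumptions made for illustration.

```javascript
// Added example. CouchDB calls a design document's validate_doc_update
// function as (newDoc, oldDoc, userCtx) before every write and rejects the
// write when the function throws {forbidden: ...} or {unauthorized: ...}.
// The "author" field is an assumed application convention.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1;
  if (isAdmin) return;

  // A DELETE reaches the validator as a new revision with _deleted: true.
  if (newDoc._deleted) {
    throw { forbidden: "Only admins may delete documents." };
  }

  if (oldDoc && oldDoc.author) {
    // Owned document: only its author may change it, and ownership is fixed.
    if (oldDoc.author !== userCtx.name) {
      throw { forbidden: "Only the original author may update this document." };
    }
    if (newDoc.author !== oldDoc.author) {
      throw { forbidden: "The author field cannot be changed." };
    }
  } else if (newDoc.author && newDoc.author !== userCtx.name) {
    // userCtx.name is null for anonymous requests, so nobody can claim
    // someone else's name on a new or previously unowned document.
    throw { forbidden: "author must match the logged-in user." };
  }
}

// Hypothetical helper for trying the rules outside CouchDB.
function checkWrite(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    if (e && e.forbidden) return "forbidden";
    throw e;
  }
}

// Constructed sample users and document.
var anon = { name: null, roles: [] };
var alice = { name: "alice", roles: [] };
var bob = { name: "bob", roles: [] };
var admin = { name: "root", roles: ["_admin"] };
var stored = { _id: "page1", author: "alice", body: "v1" };

console.log(checkWrite({ _id: "page1", author: "alice", body: "v2" }, stored, bob));
console.log(checkWrite({ _id: "page1", _deleted: true }, stored, alice));
console.log(checkWrite({ _id: "page1", _deleted: true }, stored, admin));
```

In a database the function body is stored as a string in the `validate_doc_update` field of a design document such as `_design/myapp`. Per-IP or per-user throttling of deletes is outside what a validation function can express, as the reply above notes.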
