couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Candler <B.Cand...@pobox.com>
Subject Re: Security
Date Thu, 11 Feb 2010 21:32:55 GMT
On Thu, Feb 11, 2010 at 04:12:58PM -0500, Aaron Boxer wrote:
> Thanks very much, this helps a lot.  Am I correct in surmising that
> once a password is set, anyone
> can do a HTTP GET on my database, but not an HTTP POST ?

They can still do PUT and POST as well, but you can restrict those actions
using a validate_doc_update function in a design doc.

More access control stuff has hit trunk in the last few days and may end up
in 0.11, depending on exactly what point the branch is taken from.

Regards,

Brian.

Mime
View raw message