On Jul 16, 2010, at 4:49 PM, Chris Dawson wrote:

> I want to run a couchdb node which allows public read access so that replication can occur but then protect writes behind an application server.  Should I set up a firewall or proxy rule that disallows anything but GETs on the public IP and then have an application server running on the localhost interface which has full HTTP verbs allowed?  Or is there another topology I should consider?
> 

best is set up a validation function so that writes are only allowed by users with a certain role, then you can give that role to your app server's user. (or maybe even skip the app server altogether and write the rest as a couchapp, but that's another story).

http://books.couchdb.org/relax/design-documents/validation-functions

> Thanks
> Chris
> 
> Chris Dawson
> 971-533-8335