Subject: Re: Securing replication
From: J Chris Anderson
Date: Mon, 19 Jul 2010 14:50:30 -0700
To: user@couchdb.apache.org
Message-Id: <3878A99D-E15E-4785-9E25-6CBC57D726ED@gmail.com>

On Jul 19, 2010, at 2:25 PM, Mark J. Reed wrote:

> I have a webapp acting as a security gateway/reverse proxy for other
> webapps. Its data therefore includes authorization data which itself
> needs to be protected from unauthorized access. Currently that data
> lives in a localhost-only CouchDB, but I now want to distribute the
> application across more than one server, so I'm going to have to open
> up a hole to allow replication. My current thoughts are:
>
> 1. Keep the Couch instances listening on localhost only, but open SSH
> tunnels between them to use for the replication.
> Based on past experience with SSH tunneling, this seems somewhat
> fragile, and probably more complex than is warranted.
>
> 2. Use iptables to lock down access on each server so that only the
> other server can connect to the Couch instance.
> This still moderately increases the complexity (there's an
> external configuration to keep in synch with the Couch configs), but
> it seems simpler and less likely to break than the SSH solution, while
> still offering moderate security (in combination with configuring
> Couch to require admin credentials).
>
> Any other thoughts? Advice welcome.
>

These both sound sane. If the couches are not behind a firewall together
I'd suggest ssh tunneling (or https) to prevent eavesdropping.

Chris

>
> --
> Mark J. Reed
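
The two options discussed in this thread, sketched as an added example that is not part of the original messages: the script prints the iptables rules for option 2 and the SSH forward plus replication request for option 1, for review before anything is run. The peer address 192.0.2.10, the tunnel port 15984, the SSH user `replicator` and the database name `authdb` are assumptions; 5984 is CouchDB's default port.

```sh
#!/bin/sh
# Added example. Peer address, tunnel port, SSH user and database name are constructed.
COUCH_PORT=5984     # CouchDB's default HTTP port
TUNNEL_PORT=15984   # assumed free local port for the SSH forward

# Accept only a dotted-quad IPv4 address, so an argument can never
# smuggle extra options into a generated firewall rule.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Option 2: loopback and the one peer may reach CouchDB; everyone else is
# dropped. The ACCEPT rules must come before the DROP.
couch_peer_rules() {
    valid_ipv4 "$1" || { echo "invalid peer address: $1" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -i lo -p tcp --dport $COUCH_PORT -j ACCEPT
iptables -A INPUT -p tcp -s $1 --dport $COUCH_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $COUCH_PORT -j DROP
EOF
}

# Option 1: both couches stay on 127.0.0.1; replication is pushed through
# an SSH local forward that ends on the peer's loopback listener.
couch_tunnel_cmds() {
    valid_ipv4 "$1" || return 1
    case "$2" in ''|*[!a-z0-9_]*) return 1 ;; esac
    cat <<EOF
ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$TUNNEL_PORT:127.0.0.1:$COUCH_PORT replicator@$1
curl -sS -X POST http://127.0.0.1:$COUCH_PORT/_replicate -H 'Content-Type: application/json' -d '{"source":"$2","target":"http://127.0.0.1:$TUNNEL_PORT/$2"}'
EOF
}

# Dry run: print the commands for review instead of executing them.
if [ "${1:-}" = "--show" ]; then
    couch_peer_rules 192.0.2.10
    couch_tunnel_cmds 192.0.2.10 authdb
fi
```

With option 2 the replication traffic itself is still plain HTTP between the two hosts, which is the eavesdropping concern raised in the reply; the tunnel in option 1 covers that.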