couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Kearns <...@kearns.net.au>
Subject Re: to CouchApp or not to CouchApp
Date Mon, 01 Aug 2011 21:33:07 GMT
I'm new around here, and I realise this is a cheap shot from an armchair 
developer, but this issue of security keeps coming up again and again 
and it seems to me that the design of CouchDB is guilty of 'dumb idea 
#1' in the following article.

http://www.ranum.com/security/computer_security/editorials/dumb/index.html



On 2/08/2011 7:17 AM, Luciano Ramalho wrote:
> On Mon, Aug 1, 2011 at 5:19 PM, Chang Luo<chang@pokerchang.com>  wrote:
>> E.g. I can get all maxogden.com user email and password hash with one http
>> call.  I won't post the URL here but anyone with basic couch knowledge can
>> do it in 5 seconds.
> Indeed... Just checked it out myself.
>
>> Any solution to this problem?  Or do I have to give up CouchApp?
> I am also a fan of the simple CouchApp model, but that is really not
> acceptable. Looking forward to a positive answer to your question,
> Chang!
>

Mime
View raw message