couchdb-user mailing list archives

From Randall Leeds <randall.le...@gmail.com>
Subject Re: to CouchApp or not to CouchApp
Date Mon, 01 Aug 2011 22:37:24 GMT
On Mon, Aug 1, 2011 at 14:33, Sam Kearns <sam@kearns.net.au> wrote:
> I'm new around here, and I realise this is a cheap shot from an armchair
> developer, but this issue of security keeps coming up again and again and it
> seems to me that the design of CouchDB is guilty of 'dumb idea #1' in the
> following article.
>
> http://www.ranum.com/security/computer_security/editorials/dumb/index.html
>

I can understand this advice in a lot of contexts. I'm not sure it
applies to CouchDB. I'm a big fan of not requiring users to set up
accounts and passwords and an admin user before they can even test out
the software at all. While this thread is about CouchApps, default
permit makes a lot of sense in a 3-tier architecture. Sure, sure, it's
advisable to secure your database anyway in case a hacker manages to
penetrate your network. Even then, though, imagine a PHP/SQL world
where they can just search your .php scripts on your web server for
the password passed to the connection. Maybe they can't drop tables,
but they might be able to do a lot of damage, and certainly read a
whole lot of stuff. Certainly in a CouchApp-only world of CouchDB
deployments a default deny might make some sense.

>
>
> On 2/08/2011 7:17 AM, Luciano Ramalho wrote:
>>
>> On Mon, Aug 1, 2011 at 5:19 PM, Chang Luo<chang@pokerchang.com>  wrote:
>>>
>>> E.g. I can get all maxogden.com user emails and password hashes with one
>>> http call.  I won't post the URL here but anyone with basic couch knowledge
>>> can do it in 5 seconds.
>>
>> Indeed... Just checked it out myself.
>>
>>> Any solution to this problem?  Or do I have to give up CouchApp?

I think if you use vhosts you can make _users inaccessible from the
public domain.
CouchDB authentication should still work since internally all the
_session and other security/login-related things access the _users
database directly over internal APIs rather than HTTP.
This might prevent you from storing custom information in the _users
database, but making your own user profile document that's
app-specific might make more sense anyway.

-Randall

>>
>> I am also a fan of the simple CouchApp model, but that is really not
>> acceptable. Looking forward to a positive answer to your question,
>> Chang!
>>
>
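As an added illustration of the vhost approach suggested above (example code, not from the thread or from CouchDB itself), the model below routes a request the way a `[vhosts]` entry plus a design document's `rewrites` rules would: on the public hostname only paths with a matching rule resolve, so `/_users` gets a 404, while a request that does not go through the vhost (CouchDB's raw host and port) still sees the full URL space, which is why the vhost alone is a mask and not an access control. Hostname, database name and rewrite rules are constructed.

```python
"""Simplified model of CouchDB vhost + _rewrite routing (added example, not CouchDB code)."""

# Constructed local.ini line:  [vhosts] app.example.com = /mydb/_design/app/_rewrite
VHOSTS = {"app.example.com": "/mydb/_design/app/_rewrite"}

# Constructed design-doc "rewrites" array. Only app paths are routed; no rule
# can lead to /_users, so the public hostname cannot list user documents.
REWRITES = [
    {"from": "/", "to": "index.html"},
    {"from": "/api/*", "to": "../../*"},
    {"from": "/item/:id", "to": "../../:id"},
]

def _match(rule_from, path):
    """Return bound variables if the rule's 'from' pattern matches path, else None."""
    want = [s for s in rule_from.split("/") if s]
    have = [s for s in path.split("/") if s]
    bound = {}
    for i, seg in enumerate(want):
        if seg == "*":                      # wildcard swallows the rest of the path
            bound["*"] = "/".join(have[i:])
            return bound
        if i >= len(have):
            return None
        if seg.startswith(":"):             # named segment binds a variable
            bound[seg] = have[i]
        elif seg != have[i]:
            return None
    return bound if len(have) == len(want) else None

def _apply(design_dir, to, bound):
    """Resolve 'to' relative to the design document, substituting bindings."""
    for name, value in bound.items():
        to = to.replace(name, value)
    parts = design_dir.strip("/").split("/")
    for seg in to.split("/"):
        if seg == "..":
            parts.pop()
        elif seg and seg != ".":
            parts.append(seg)
    return "/" + "/".join(parts)

def route(host, path):
    """Where a request with this Host header and path ends up: (status, internal path)."""
    target = VHOSTS.get(host)
    if target is None:
        return 200, path                    # no vhost: raw URL space, /_users included
    design_dir = target[: -len("/_rewrite")]
    for rule in REWRITES:
        bound = _match(rule["from"], path)
        if bound is not None:
            return 200, _apply(design_dir, rule["to"], bound)
    return 404, None                        # no rule matched: the rewriter answers not_found
```

Pair the vhost with a bind address or firewall rule that keeps the raw port off the public network, since the third case above shows what a request with a non-matching Host header still reaches.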
