couchdb-user mailing list archives

From Sam Bisbee <...@sbisbee.com>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 02 Aug 2011 01:36:31 GMT
Hi Chang,

CouchDB is very promiscuous out of the box. This is fine since it
listens to localhost by default, and tries to subconsciously get the
developer to start building lazy applications.

That being said, you can easily lock CouchDB down. Including
restricting access to _users, which your e-mail suggests is not
possible.

This is not a problem in my opinion. It is no different than Apache
HTTPD, nginx, or any other network server. Whenever you deploy them
into production you should have a checklist of changes you need to
make to the configuration to lock them down. Hell, you need to lock
down a Linux machine if you put it on the Internet without any
publicly facing services.

All of that being said, there should be a checklist of steps to lock
CouchDB down. If no one has seen one floating around the Web yet, then
I'll start putting one together.

Cheers,

--
Sam Bisbee

On Mon, Aug 1, 2011 at 4:19 PM, Chang Luo <chang@pokerchang.com> wrote:
> Hi Max,
> I have always enjoyed your videos and posts.  In the past few months, I
> have been trying hard to learn couchapp and not use a middle tier for one of
> my projects.
>
> Now I ran into a security issue that seems to be a blocker for me to use
> CouchApp. The issue is how to set up security for _users database.  By
> default, it's worldwide readable.  This means everyone can access all user
> email and password hash.  This is definitely not acceptable for users'
> privacy.  But if I make it only readable to admin, it will break the
> couchapp login model.
>
> E.g. I can get all maxogden.com user email and password hash with one http
> call.  I won't post the URL here but anyone with basic couch knowledge can
> do it in 5 seconds.
>
> Any solution to this problem?  Or do I have to give up CouchApp?
>
> Thanks!
>
> Chang
>
> On Mon, Aug 1, 2011 at 11:14 AM, Max Ogden <max@maxogden.com> wrote:
>
>> couch has a pretty full featured security model actually:
>> http://blog.couchbase.com/whats-new-in-couchdb-1-0-part-4-securityn-stuff
>>
>> and you can proxy couchapps behind a vhost (thus making the rest of the
>> couch api inaccessible): http://vimeo.com/20773112
>>
>> and here's a couple 'pure' couchapps i've built lately to help you get a
>> feel for the stuff possible:
>> http://open211.org
>> http://monocl.es
>> http://open211.org:5984/social_services/_design/removalist/_rewrite
>>
>> cheers!
>>
>> max
>>
>> On Mon, Aug 1, 2011 at 2:10 PM, Gregor Martynus <gregor@martynus.net>
>> wrote:
>>
>> > I had some discussions on the CouchConf last Friday about the pros & cons
>> > of a CouchApp vs. a traditional 3 tier architecture. I'm new to CouchDB
>> > myself; I don't have strong opinions yet. My thoughts so far
>> >
>> > PRO
>> >
>> >   1. portability:
>> >   a CouchApp has both application logic and data in the same module.
>> >   Together with its replication features one could very easily take the
>> >   same app used for a web app and put it into a mobile phone or an
>> >   enterprise intranet/extranet.
>> >   2. simplicity / reach:
>> >   It empowers a lot of UI Designers/Developers to build Database backed
>> >   applications. That's pretty impressive, you know jQuery? You can build
>> >   couchApps.
>> >
>> > CONTRA
>> >
>> >   1. security:
>> >   CouchApp comes with built-in signup/signin, but what keeps users from
>> >   accessing pages like »/db/_all_docs?include_docs=true«? There is no way
>> >   to hide documents created by User A from User B with CouchDB's built-in
>> >   features as far as I understand it.
>> >   2. scalability:
>> >   there are more possibilities to scale with a 3 tier architecture than
>> >   there are for CouchApps
>> >
>> > What do you think? Do you have a CouchApp running today in Production?
>> > What's your experience so far?
>> >
>> > I'd be happy to summarize the opinions and put them up on the couchDB
>> > wiki so that everybody can benefit from it.
>> >
>>
>
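
A small audit helper, added here as an example and not code from the thread or from CouchDB itself: it inspects the document a 1.x server returns from GET /{db}/_security (the `readers` section; `members` in later releases), flags the world-readable default Chang describes, and produces the admin-only variant Sam says is possible. The database names and sample documents below are constructed.

```python
import json

# Shape of a CouchDB 1.0/1.1 _security document as created by default (the
# thread's era). "readers" became "members" in 1.2; both keys are handled.
OPEN_SECURITY = {"admins": {"names": [], "roles": []},
                 "readers": {"names": [], "roles": []}}

# Constructed sample audit input: {database name: GET /{db}/_security result}.
SAMPLE_SECURITIES = {
    "_users": OPEN_SECURITY,
    "appdata": {"admins": {"names": ["ops"], "roles": []},
                "readers": {"names": [], "roles": ["staff"]}},
}

def _reader_section(security):
    """Return the readers/members section, whichever key the server uses."""
    return security.get("members") or security.get("readers") or {}

def is_world_readable(security):
    """True when no reader names or roles are set: CouchDB then lets any
    request, anonymous included, open the database. For _users this is the
    exposure Chang describes (every user doc, email and password hash)."""
    section = _reader_section(security)
    return not section.get("names") and not section.get("roles")

def restrict_to_roles(security, roles, key="readers"):
    """Return a copy whose reader section admits only `roles` (plus any
    names already listed). Server admins keep access regardless. In 1.x the
    reader check gates every non-admin request to the database, so this
    also blocks anonymous self-signup against _users: Chang's trade-off."""
    hardened = json.loads(json.dumps(security))  # cheap deep copy
    section = hardened.get(key, {})
    hardened[key] = {"names": list(section.get("names", [])),
                     "roles": sorted(set(section.get("roles", [])) | set(roles))}
    return hardened

def audit(securities):
    """List the databases whose _security document is open to the world."""
    return sorted(db for db, sec in securities.items() if is_world_readable(sec))
```

PUT the hardened document back to /{db}/_security as a server admin; re-running audit() on fresh GET results is the check for the lockdown checklist Sam mentions.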
