couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Bisbee <>
Subject Re: to CouchApp or not to CouchApp
Date Thu, 04 Aug 2011 15:23:02 GMT
On Wed, Aug 3, 2011 at 9:27 AM, Jan Wedekind <> wrote:
> Hi Sam,
> On Tue, Aug 2, 2011 at 03:36, Sam Bisbee <> wrote:
>> All of that being said, there should be a checklist of steps to lock
>> CouchDB down. If no one has seen one floating around the Web yet, then
>> I'll start putting one together.
> That would be really helpful, at least I can't find anything comprehensive
> on the whole topic and the more I read, the more confused I get.

I smell a blog post. :)

> On Wed, Aug 3, 2011 at 02:03, Sam Bisbee <> wrote:
>> You can set an ACL for the _users database. This is called the
>> security object, which you can update in Futon with the security
>> button. Just set an admin and reader, and only that user (or group of
>> users) will be able to access the database.
> But with Couch alone, I still need to submit username:password in cleartext
> - at least once if I do cookie authentication. Or am I missing something?

CouchDB supports SSL as of 1.1.0:

>> Or Max's suggestion of proxying through a web server.
> I cannot find anything on that. Do you know of any post/link where that is
> explained in more detail? Sorry for stupid questions :(

No worries. :)

These should be a good start:

After that, "couchdb apache proxy" and "couchdb nginx proxy" are good
Google searches.

Sam Bisbee

View raw message