From user-return-17350-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org Thu Aug 4 15:57:14 2011 Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 852936E82 for ; Thu, 4 Aug 2011 15:57:14 +0000 (UTC) Received: (qmail 96519 invoked by uid 500); 4 Aug 2011 15:57:13 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 96372 invoked by uid 500); 4 Aug 2011 15:57:12 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 96364 invoked by uid 99); 4 Aug 2011 15:57:12 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Aug 2011 15:57:12 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jan.wedekind@gmail.com designates 209.85.213.52 as permitted sender) Received: from [209.85.213.52] (HELO mail-yw0-f52.google.com) (209.85.213.52) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Aug 2011 15:57:06 +0000 Received: by ywb5 with SMTP id 5so1632162ywb.11 for ; Thu, 04 Aug 2011 08:56:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=SvDowkKRiXTDJfBdtdDJ1XewLBIRHmCN3+SWeY2JIAY=; b=Ny1xZjUNceQ1JMeqRA7IdP++mZMtgAZwaXLr3WYsRz/22XsHmhHzAV37ULPGcuXAVw 7JlPeweN0AdXFy/YKiDh2XT6rwMWMjiBiapjiPIvEFdoHuXQQlBY1wNZdi+/ZBqYhl5E 9Pwe+M+JZk3nq4A4PozmKMSi8gDw0x6KDmBS0= Received: by 10.42.155.133 with SMTP id u5mr883734icw.459.1312473406168; Thu, 04 Aug 2011 08:56:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.231.200.138 with HTTP; Thu, 4 Aug 2011 08:56:26 -0700 (PDT) In-Reply-To: References: From: Jan Wedekind Date: Thu, 4 Aug 2011 17:56:26 +0200 Message-ID: Subject: Re: to CouchApp or not to CouchApp To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=90e6ba21241b26dcd204a9b00714 --90e6ba21241b26dcd204a9b00714 Content-Type: text/plain; charset=ISO-8859-1 On Thu, Aug 4, 2011 at 17:23, Sam Bisbee wrote: > >> All of that being said, there should be a checklist of steps to lock > >> CouchDB down. If no one has seen one floating around the Web yet, then > >> I'll start putting one together. > >> > > > > That would be really helpful, at least I can't find anything > comprehensive > > on the whole topic and the more I read, the more confused I get. > > I smell a blog post. :) > *sniffsniffsniff* :) > > But with Couch alone, I still need to submit username:password in > cleartext > > - at least once if I do cookie authentication. Or am I missing something? > > CouchDB supports SSL as of 1.1.0: > http://wiki.apache.org/couchdb/How_to_enable_SSL We are running Couchbase for now (cos we wanted Geocouch easier). But yes, I read that and was happy to see it. > >> Or Max's suggestion of proxying through a web server.(...) > These should be a good start: > > http://wiki.apache.org/couchdb/Apache_As_a_Reverse_Proxy > http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy > > Thanks! Stumbled across the first one two and we are essentially doing something like that now. I think my main confusion stemmed from the fact that Couch is well capable of serving stuff on its own and at scale - and that i didn't needed a middle layer to talk to the database. So adding another web server in between felt weirdly contradictory. But then again, just for load balancing alone you eventually need something in between anyway. Thanks! Jan --90e6ba21241b26dcd204a9b00714--