couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Travis Paul ...@visPaul.me>
Subject Re: securing couchdb users
Date Thu, 21 Feb 2013 18:07:47 GMT
You can prevent writes with a validate_doc_update function. Check the user
context and throw if it's not an admin.
What version of CouchDB are you running? In newer versions (I can't recall
the exact version where it was added) you can't access all_docs on the
users db unless you are an admin.


On Thu, Feb 21, 2013 at 11:18 AM, svilen <az@svilendobrev.com> wrote:

> i read this one (somewhat old but the last/bottom message is pretty
> good).
> http://stackoverflow.com/questions/1923352/how-to-secure-couchdb
>
> in my case, i want only authentication (to _users) from the world.
> no reads no writes (done server side).
> can that be configured without proxies/vhosts?
>
> i also need only replication of per-user databases, so probably all the
> rewriting of */_design/ etc still has to happen.. coz apart of
> data/changes nothing else should be world viewable. sigh.
>
> svil
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message