Date: Fri, 22 Feb 2013 01:18:32 +0900
From: svilen
To: user@couchdb.apache.org
Subject: securing couchdb users
Message-ID: <20130222011832.5671e231@dede>

i read this one (somewhat old but the last/bottom message is pretty good).
http://stackoverflow.com/questions/1923352/how-to-secure-couchdb

in my case, i want only authentication (to _users) from the world. no reads no writes (done server side). can that be configured without proxies/vhosts?

i also need only replication of per-user databases, so probably all the rewriting of */_design/ etc still has to happen.. coz apart from data/changes nothing else should be world viewable.

sigh.
svil