couchdb-user mailing list archives

From Dan Santner <>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Wed, 06 Mar 2013 19:51:01 GMT
I think it's brilliant as just a database and no more.  So that's how I use it.  I have a similar
setup to your #2.  Perhaps that's just because I feel most comfortable with that type of setup.
This way I don't burden couch with anything security related.  It just eats and serves docs.
My app tier handles the access control and other tasks like email or any other services over
the net that I need to use.

On Mar 6, 2013, at 1:27 PM, Wendall Cada <> wrote:

> We use couchdb in two configurations.
> 1. As a couchapp serving content for basic consumption. (For a url shortener service)
> 2. As a database on localhost behind pylons or pyramid.
> To address the security question. We've been using couchdb for long enough that it didn't
> have any security when we started using it in production (0.8). Up until recently _users was
> a somewhat insecure feature. It's only been with the release of 1.2.0 that _users is handled
> For our needs, couchdb still does not have robust enough acls for any of our applications,
> so for now, it needs to run behind our app servers. I see changes for this on the roadmap,
> but until this actually happens, couchdb will happily sit on localhost serving docs.
> I'm not sure why it isn't understood that based on its history, CouchDB has mostly been
> used as a database. I know people want it to be an app server, but, in my opinion, that's
> the weakest part of the entire system.
> Wendall
> On 03/06/2013 09:51 AM, Robert Newson wrote:
>> "How does everyone solve the security issue?"
>> What security problem? Only administrators can modify design documents.
>> B.
>> On 6 March 2013 11:38, Aurélien Bénel <> wrote:
>>> Hi,
>>>> just out of curiosity, would like to hear how CouchDB is being used in your
>>>> web environment....
>>> We have two main setups:
>>> - CouchApps,
>>> - REST APIs used by heavy clients (Java or Firefox extensions) and attached Web
>>>> How does everyone solve the security issue?
>>> We always use CouchDB behind a reverse proxy to add LDAP authentication and authorization
>>> when needed.
>>> Regards,
>>> Aurélien
