From: TAE JIN KIM
To: "user@couchdb.apache.org"
Subject: RE: Curiosity how you use CouchDB in your web env.
Date: Thu, 7 Mar 2013 04:11:09 +0900

Let's suppose that you deployed your html to http://127.0.0.1:5984/testdb/_design/frontend/Index.htm served by your CouchDB directly.

How do you set it up in a way that anonymous users are only able to access _design/front-end, but nothing else like the Futon management pages (_utils)?

Looks like you may be able to set up an account, but anonymous users are still able to read the Futon management page (_utils) for all of the databases and documents...

Thanks,

> Date: Wed, 6 Mar 2013 12:42:28 -0600
> Subject: Re: Curiosity how you use CouchDB in your web env.
> From: rnewson@apache.org
> To: user@couchdb.apache.org
>
> Don't grant users access to databases you don't want them to read. :)
>
> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>
> B.
>
> On 6 March 2013 12:33, Mark Hahn wrote:
> > Anyone logged in can read any document in the DB. I have to check each
> > user and what they are trying to do to block illegal actions.
> >
> >
> > On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson wrote:
> >
> >> "How does everyone solve the security issue?"
> >>
> >> What security problem? Only administrators can modify design documents.
> >>
> >> B.
> >>
> >> On 6 March 2013 11:38, Aurélien Bénel wrote:
> >> > Hi,
> >> >
> >> >> just out of curiosity, would like to hear how CouchDB is being used in
> >> your web environment....
> >> >
> >> > We have two main setups:
> >> > - CouchApps,
> >> > - REST APIs used by heavy clients (Java or Firefox extensions) and
> >> attached Web applications.
> >> >
> >> >> How does everyone solve the security issue?
> >> >
> >> > We always use CouchDB behind a reverse proxy to add LDAP authentication
> >> and authorization when needed.
> >> >
> >> >
> >> > Regards,
> >> >
> >> > Aurélien
> >>
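An added example, not part of the thread and not CouchDB code: the allow-list decision a reverse proxy in front of CouchDB (the setup mentioned in the quoted replies) could apply to anonymous requests, so that only files under the design document from the message above are readable and `_utils` and every other endpoint are refused. The function and constant names are hypothetical, and the sketch assumes CouchDB itself is reachable only through the proxy.

```python
from urllib.parse import unquote

# Path taken from the URL in the message above; the names are hypothetical.
ALLOWED_PREFIX = "/testdb/_design/frontend/"
READ_ONLY_METHODS = {"GET", "HEAD"}


def anonymous_request_allowed(method, raw_target):
    """Return True only for read-only requests to files under ALLOWED_PREFIX."""
    if method.upper() not in READ_ONLY_METHODS:
        return False
    path = raw_target.split("?", 1)[0]  # the query string is not part of the decision
    # Decode percent-escapes until the value is stable, so that double
    # encoding such as %252e%252e cannot hide a ".." segment.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return False  # still changing after three rounds: refuse
    if not path.startswith("/") or "\\" in path:
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        return False
    # Refuse empty, "." and ".." segments instead of normalising them: the
    # proxy forwards the raw target, so the check must not depend on the
    # backend resolving the path the same way.
    if any(seg in ("", ".", "..") for seg in path.split("/")[1:]):
        return False
    return path.startswith(ALLOWED_PREFIX)


if __name__ == "__main__":
    # Constructed sample requests.
    for method, target in [
        ("GET", "/testdb/_design/frontend/Index.htm"),
        ("GET", "/_utils/index.html"),
        ("GET", "/testdb/_all_docs"),
        ("GET", "/testdb/_design/frontend/%2e%2e/%2e%2e/_all_dbs"),
        ("PUT", "/testdb/_design/frontend/Index.htm"),
    ]:
        verdict = "allow" if anonymous_request_allowed(method, target) else "deny"
        print(f"{verdict:5} {method} {target}")
```

Authenticated users and administrators would be routed through a separate rule; this check covers the anonymous case only.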