Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E396AEF5E for ; Wed, 6 Mar 2013 20:05:35 +0000 (UTC) Received: (qmail 77694 invoked by uid 500); 6 Mar 2013 20:05:34 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 77656 invoked by uid 500); 6 Mar 2013 20:05:34 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 77647 invoked by uid 99); 6 Mar 2013 20:05:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Mar 2013 20:05:34 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of sean.copenhaver@gmail.com designates 209.85.160.52 as permitted sender) Received: from [209.85.160.52] (HELO mail-pb0-f52.google.com) (209.85.160.52) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Mar 2013 20:05:27 +0000 Received: by mail-pb0-f52.google.com with SMTP id ma3so6500779pbc.39 for ; Wed, 06 Mar 2013 12:05:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=B6YfqWVSPl04kKuy8PM0lhfxKjwEx8/LFhnozJbKE5g=; b=J2V5vK7s292MNp4oKM7y6+R24DWmBWknUvexP420r1Zxaoo2irkdGdeQN3Fxpstjrr 4jH0Gr4zo1UNeDOBXDRGkuV29ieetO6PnWdLVeZftAg/dtOiNeH/0mDsh6ZsNL9B0zXU L688a9EBkXEIURI2P29+Ac8SJsz3gdNDVZaXSSm7jtUwJCZ5bm6skojMiEWRmjlP6Udv lWaycCsYmdrvHnzxGXG24uSMlAINGM8mTS0FXY4+p79z6Vjnb4RQ8HHryXh1/4eKFJAp n/VH+bpSXqkSjjC7SG/q2bXi8Ygb2eT40gKiYYr9JqQDAYX2M2p5K64bu++GzG4PtVwD HSyw== MIME-Version: 1.0 X-Received: by 10.68.134.100 with SMTP id pj4mr48698929pbb.12.1362600306346; Wed, 06 Mar 2013 12:05:06 -0800 (PST) Received: by 10.70.43.232 with HTTP; Wed, 6 Mar 2013 12:05:06 -0800 (PST) In-Reply-To: <6B3AF255-3F9E-4B3C-95FB-71F50AF5DE60@me.com> References: <513798AC.5090107@83864.com> <6B3AF255-3F9E-4B3C-95FB-71F50AF5DE60@me.com> Date: Wed, 6 Mar 2013 15:05:06 -0500 Message-ID: Subject: Re: Curiosity how you use CouchDB in your web env. From: Sean Copenhaver To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=047d7b1118633bc52d04d7471b0b X-Virus-Checked: Checked by ClamAV on apache.org --047d7b1118633bc52d04d7471b0b Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable I've made a site that was only a couchapp and enjoyed the experience quite a bit. I've also used it for internal tooling to store data and to host mini couchapps for search or utility pages. In all cases though security of data (at least I didn't care who could read the data) was not a requirement and I've greatly enjoyed my experiences. I would love to play around with gardener along with an OS daemon to try a tightly coupled nodejs + couchdb setup. Would also love to see CouchDB hosts to offer such things as well. On Wed, Mar 6, 2013 at 2:51 PM, Dan Santner wrote: > I think it's brilliant as just a database and no more. So that's how I > use it. I have a similar setup to your #2. Perhaps that just because I > feel most comfortable with that type of setup. This way I don't burden > couch with anything security related. It just eats and serves docs. My > app tier handles the access control and other tasks like email or any oth= er > services over the net that I need to use. > > > On Mar 6, 2013, at 1:27 PM, Wendall Cada wrote: > > > We use couchdb in two configurations. > > > > 1. As a couchapp serving content for basic consumption. (For a url > shortener service) > > 2. As a database on localhost behind pylons or pyramid. > > > > To address the security question. We've been using couchdb for long > enough that it didn't have any security when we started using it in > production (0.8). Up until recently _users was a somewhat insecure featur= e. > It's only been with the release of 1.2.0 that _users is handled securely. > > > > For our needs, couchdb still does not have robust enough acls for any o= f > our applications, so for now, it needs to run behind our app servers. I s= ee > changes for this on the roadmap, but until this actually happens, couchdb > will happily sit on localhost serving docs. > > > > I'm not sure why it isn't understood that based on it's history, CouchD= B > has mostly been used as a database. I know people want it to be an app > server, but, in my opinion, that's the weakest part of the entire system. > > > > Wendall > > > > On 03/06/2013 09:51 AM, Robert Newson wrote: > >> "How does everyone solve the security issue?" > >> > >> What security problem? Only administrators can modify design documents= . > >> > >> B. > >> > >> On 6 March 2013 11:38, Aur=E9lien B=E9nel wrot= e: > >>> Hi, > >>> > >>>> just out of curiosity, would like to hear how CouchDB is being used > in your web environment.... > >>> We have two main setups: > >>> - CouchApps, > >>> - REST APIs used by heavy clients (Java or Firefox extensions) and > attached Web applications. > >>> > >>>> How does everyone solve the security issue? > >>> We always use CouchDB behind a reverse proxy to add LDAP > authentication and authorization when needed. > >>> > >>> > >>> Regards, > >>> > >>> Aur=E9lien > > > > --=20 =93The limits of language are the limits of one's world. =93 - Ludwig von Wittgenstein "Water is fluid, soft and yielding. But water will wear away rock, which is rigid and cannot yield. As a rule, whatever is fluid, soft and yielding will overcome whatever is rigid and hard. This is another paradox: what is soft is strong." - Lao-Tzu --047d7b1118633bc52d04d7471b0b--