couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Schmidt <spiolli...@googlemail.com>
Subject Is the CouchDB users database secure?
Date Tue, 16 Jul 2013 23:08:36 GMT
While reading the Kan.so docs ( 
http://kan.so/docs/The_users_database ) I saw 
that the users database, which includes 
username and password, is publicly accessible 
for everyone. Couldn't an attacker use this to 
create a list of all username-password pairs? 
Wouldn't it be more secure to use a server side 
function which validates the password without 
giving the users db directly to everyone? Or am I 
just too paranoid?

Regards

Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message