couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stanley Iriele <>
Subject Securing CouchDB
Date Tue, 02 Jul 2013 05:42:55 GMT
Hello all,

I have a bit of a conundrum that has been racking my brain. I want to use
CouchDB to serve out a website. I was planning on offloading any strange
work to the proxy daemons that I set up but my issue is this has 2 points.
Security and scaling

I have require_valid_user turned so every request forces a 401. so a new
user who has no credentials will see that instead of a login page. I can't
turn require valid user off because access to global handlers can crash the
database.. for example a call to _uuids?count=336736738683673 will crash
the CouchDB. I have rewrite handlers in place but I feel like that is not
safe enough Is there something I am missing?

Secondly If i wanted to have a fan of couchapps Servers so...Identical but
they run on different machines well does that work? I know its a bit
of a strange question but I'm racking my brain on this one

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message