couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Disabling doc include
Date Thu, 02 Jan 2014 18:06:32 GMT

On 01 Jan 2014, at 23:32 , Stanley Iriele <siriele2x3@gmail.com> wrote:

> Can't you just use vhosts and rewrites to take care of that?... Also...you
> could use list functions to ad an extra step yo do anything you want with
> the results of a view before sending it to a client

vhosts are using the `Host` header in HTTP requests. While mandatory in
HTTP 1.1, CouchDB will happily answer to HTTP 1.0 requests without a `Host`
header and will serve the default `/` URL and any subsequent one.

Do not use CouchDB vhosts as a security mechanism.

Best
Jan
-- 




> On Jan 1, 2014 3:47 PM, "Jens Alfke" <jens@couchbase.com> wrote:
> 
>> 
>> On Dec 31, 2013, at 1:44 AM, meredrica <stuff@meredrica.org> wrote:
>> 
>>> I expose CouchDB directly to mobile clients and wanted to hide some
>>> information from them.
>> 
>> You can’t really do that; there’s no notion of read-protection in CouchDB.
>> As a workaround you can put CouchDB behind a proxy or gateway, and
>> restrict the URL patterns that clients are allowed to send.
>> 
>> —Jens
>> 
>> 


Mime
View raw message