couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <>
Subject Re: replication with authentication
Date Tue, 18 Feb 2014 19:10:21 GMT

On Feb 18, 2014, at 10:18 AM, Jason Winshell <> wrote:

> (2) the user:password would never be exposed to user other than the server administrator
on the backup.

If this is a persistent replication, you'd need to secure the '_replicator' database against
unauthorized access, since the URL is a property of the replication document. The _replicator
database seems to be world-readable by default, but AFAIK you can lock it down the same way
you would other databases, i.e. by configuring its security object.

View raw message