couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johannes Jörg Schmidt <schm...@netzmerk.com>
Subject Re: authentication_redirect is not working.
Date Sat, 19 Apr 2014 10:51:16 GMT
We have vhosts and rewrites like this in production for years and it works
like a charm.
If you unterstand CouchDBs security model nothing speaks against opening
its API to the world.

Greetings
Johannes
Am 19.04.2014 06:41 schrieb "Benoit Chesneau" <bchesneau@gmail.com>:

> On Fri, Apr 18, 2014 at 3:56 PM, Scott Weber <scotty2541@sbcglobal.net
> >wrote:
>
> > Yes, I tried to implement the vhost and redirect. vhost was behaving as
> > documented. The redirect was not. There was no change in behavior.
> >
>
> I have just tested this rule:
>
>   [{
>
>         "from": "/",
>         "to": "index.html"
>     },
>     {
>
>         "from": "/*",
>
>         "to": "*"
>     },
>     ... other rules to access to dbs
> ]
>
>
>
> and set the vhost to the /db/ddoc/_rewrites
>
> and it was working as expected
>
>
> >
> > The purpose is that I was led to believe that this server would eliminate
> > the need for a public facing general web server. As such, real domains
> show
> > you actual content at their root level, not a dry "welcome to couchdb"
> > message.
> >
>
> > I can see that this is not such a good idea, for a number of reasons.
> > Fortunately I have already placed it in a farm behind a formal server,
> and
> > can control access through rewrites and server side scripts. It turned
> into
> > a classic example of using a tool for what it is good at, not trying to
> > make it into something it is not designed for.
> >
> >
> The rule above works. I did it a lot f time. Now the only part that is
> really missing of the equation is the security. If you want to prevent
> people to go on the root you will need to use a proxy on top.
>
> - benoit
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message