couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giovanni Lenzi <g.le...@smileupps.com>
Subject Re: Hide all _all_docs and _changes
Date Wed, 29 Jul 2015 08:39:38 GMT
Hi jim,
you could use together the couchdb vhosts feature and _rewrite of design
documents, and allow requests with a specific host header only, by using a
proxy(like haproxy) in front of couchdb as a kind of firewall.

This will allow then to use an empty rewrites.json file to completely
forbid access, while you can add more rules to increasingly unlock access
to your app features/data.

This approach is used by smileupps apps and chatty tutorial

https://www.smileupps.com/couchapp-tutorial-chatty

https://www.smileupps.com/couchapp-tutorial-chatty-couchapp-design

Hope this helps
 Hi,

It is possible to disable the "_all_docs" feature by editing the local.ini
and entering the following -

[httpd_db_handlers]
_all_docs =

However, I then realised that a user could basically get a full listing of
all documents by requesting _changes. So, I now use -

[httpd_db_handlers]
_all_docs =
_changes =


Do I need to close anything else off if I want to prevent a particular user
from seeing a list of all documents?



Also - is it possible to do disable _all_docs/ and _changes for only
specific databases? I would still like the admin to use _all_docs/ and
_changes

Thanks

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message