incubator-couchdb-user mailing list archives

From Karel Minařík <>
Subject Re: Common security pattern?
Date Sun, 03 Jan 2010 18:13:57 GMT

> On Jan 3, 2010, at 6:31 AM, Paweł Stawicki <>
>> It is inevitable that if the DB is accessible on the internet, everyone
>> can edit/add/delete documents. After all, this is what I want. But I
>> don't want to allow deletion of the whole database. Or access to other
>> databases on the same CouchDB server.

>> Even if I can prevent deletion of the whole database, I can't prevent
>> deletion of single documents, and a malicious user could delete them
>> one by one.

>> So in a nutshell, I have questions:
>> 1. Is it possible to prevent deletion of a database?
>> 2. Is it possible to prevent deletion of documents? Or, even better...
>> 3. Is it possible to limit the number of deleted documents for a
>> specific IP per time unit? E.g. one document deletion per minute?

I am quite green in this area, but I've been thinking a bit about this  
lately and IMHO you can do several things:

First, you can hook up your application with some reverse-proxy, as  
Sean Hess advised. This way you can expose only the URL to one  
database (and possibly to the _design/myapp document, so you get nicer  
URLs). In Nginx, you'd do something like this: 
, it would be very similar in Apache. This way, you're not exposing  
the whole couch, but only that specific database, restricting the  
Then, you can implement basic authentication [

], which basically will disallow anyone from creating/deleting design docs  
and other stuff (see the relax book for a listing). Anyone unauthorized  
can still create/update/delete "regular" documents, which  
is what you want.

Then again, you can restrict deleting/updating/etc docs to the user  
who originally created those (which is basically what @jchrisa's sofa  
does, see 
, or disallow deleting docs entirely (again see @jchrisa's toast,

. (In a Wiki, it could make sense to disallow deleting docs, unless  
authorized, etc)

I am not sure how to limit number of deletions per IP+time, unless you  
have some authentication info about the user...
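As an added illustration of the "only the creator may update/delete" idea from the reply above (this is example code written for this page, not Karel's code and not the validate function from sofa or toast): a CouchDB validate_doc_update function in the 0.10-era three-argument form, plus a small wrapper that turns the thrown `forbidden`/`unauthorized` objects into strings so the policy can be exercised outside CouchDB. It assumes each document carries an `author` field naming the user who created it.

```javascript
// Example validate_doc_update policy (added here; not the thread's own code).
// In a design doc this function body would be stored as the string value of
// "validate_doc_update". Assumed convention: doc.author = creating user's name.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  function forbidden(msg) { throw { forbidden: msg }; }
  function unauthorized(msg) { throw { unauthorized: msg }; }

  // Server admins (role "_admin") bypass the ownership rules.
  if (userCtx.roles.indexOf("_admin") !== -1) { return; }

  if (newDoc._deleted) {
    // Deletion: must be logged in, and must be the original author.
    if (!userCtx.name) { unauthorized("log in to delete documents"); }
    if (!oldDoc || oldDoc.author !== userCtx.name) {
      forbidden("only the author may delete this document");
    }
    return;
  }

  if (oldDoc) {
    // Update of an existing doc: only the author, and the author field is frozen.
    // Docs created anonymously have no author, so only an admin can touch them.
    if (!userCtx.name) { unauthorized("log in to update documents"); }
    if (oldDoc.author !== userCtx.name) {
      forbidden("only the author may update this document");
    }
    if (newDoc.author !== oldDoc.author) { forbidden("author cannot be changed"); }
    return;
  }

  // Creation: anyone may create, but a doc may only claim the current user as author.
  if (userCtx.name) {
    if (newDoc.author !== userCtx.name) { forbidden("author must be the logged-in user"); }
  } else if (newDoc.author) {
    forbidden("anonymous documents cannot claim an author");
  }
}

// Test wrapper (not part of the CouchDB function): returns "ok", "forbidden"
// or "unauthorized" instead of throwing, mirroring the HTTP outcome CouchDB gives.
function checkUpdate(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    if (e.forbidden) { return "forbidden"; }
    if (e.unauthorized) { return "unauthorized"; }
    throw e;
  }
}
```

This covers the per-document rules only; database deletion and access to other databases are still handled by the reverse proxy and admin authentication described earlier in the reply.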
