incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kowsik <kow...@gmail.com>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 02 Aug 2011 03:49:50 GMT
Personally,
I would rather make this a Futon feature (like stopping the admin
party) so that it RESTfully

- sets up an admin user
- sets require_valid_user to true
- and other things

Having an instruction document on how to secure CouchDB is all fine,
but that's not the same as having CouchDB secure itself helping people
relax.

K.
---
http://blitz.io
@pcapr

On Mon, Aug 1, 2011 at 6:36 PM, Sam Bisbee <sam@sbisbee.com> wrote:
> Hi Chang,
>
> CouchDB is very promiscuous out of the box. This is fine since it
> listens to localhost by default, and tries to subconsciously get the
> developer to start building lazy applications.
>
> That being said, you can easily lock CouchDB down. Including
> restricting access to _users, which your e-mail suggests is not
> possible.
>
> This is not a problem in my opinion. It is no different than Apache
> HTTPD, nginx, or any other network server. Whenever you deploy them
> into production you should have a checklist of changes you need to
> make to the configuration to lock them down. Hell, you need to lock
> down a Linux machine if you put it on the Internet without any
> publicly facing services.
>
> All of that being said, there should be a checklist of steps to lock
> CouchDB down. If no one has seen one floating around the Web yet, then
> I'll start putting one together.
>
> Cheers,
>
> --
> Sam Bisbee
>
> On Mon, Aug 1, 2011 at 4:19 PM, Chang Luo <chang@pokerchang.com> wrote:
>> Hi Max,
>> I have been always enjoyed your videos and posts.  In the past few months, I
>> have been trying hard to learn couchapp and not use a middle tier for one of
>> my projects.
>>
>> Now I ran into a security issue that seems to be a blocker for me to use
>> CouchApp. The issue is how to set up security for _users database.  By
>> default, it's worldwide readable.  This means everyone can access all user
>> email and password hash.  This is definitely not acceptable for users
>> privacy.  But if I make it only readable to admin, it will break the
>> couchapp login model.
>>
>> E.g. I can get all maxogden.com user email and password hash with one http
>> call.  I won't post the URL here but anyone with basic couch knowledge can
>> do it in 5 seconds.
>>
>> Any solution to this problem?  Or do I have to give up CouchApp?
>>
>> Thanks!
>>
>> Chang
>>
>> On Mon, Aug 1, 2011 at 11:14 AM, Max Ogden <max@maxogden.com> wrote:
>>
>>> couch has a pretty full featured security model actually:
>>> http://blog.couchbase.com/whats-new-in-couchdb-1-0-part-4-securityn-stuff
>>>
>>> and you can proxy couchapps behind a vhost (thus making the rest of the
>>> couch api inaccessible): http://vimeo.com/20773112
>>>
>>> and heres a couple 'pure' couchapps i've built lately to help you get a
>>> feel
>>> for the stuff possible:
>>> http://open211.org
>>> http://monocl.es
>>> http://open211.org:5984/social_services/_design/removalist/_rewrite
>>>
>>> cheers!
>>>
>>> max
>>>
>>> On Mon, Aug 1, 2011 at 2:10 PM, Gregor Martynus <gregor@martynus.net>
>>> wrote:
>>>
>>> > I had some discussions on the CouchConf last Friday about the pros &
cons
>>> > of
>>> > a CouchApp vs. a traditional 3 tier architecture. I'm new to CouchDB
>>> > myself,
>>> > I don't have strong opinions yet. My thoughts so far
>>> >
>>> > PRO
>>> >
>>> >   1. portability:
>>> >   a CouchApp has both application logic and data in the same module.
>>> >   Together with its replication features one could very easily take the
>>> > same
>>> >   app used for a web app and put it into a mobile phone or an enterprise
>>> >   intranet/extranet.
>>> >   2. simplicity / reach:
>>> >   It empowers a lot of UI Designers/Developers to build Database backed
>>> >   applications. That's pretty impressive, you know jQuery? You can build
>>> >   couchApps.
>>> >
>>> > CONTRA
>>> >
>>> >   1. security:
>>> >   CouchApp comes with build in signup/signin, but what keeps users to
>>> >   access pages like »/db/_all_docs?include_docs=true« ? There is now
way
>>> to
>>> >   hide documents created by User A from User B with CouchDB's build in
>>> >   features as far as I understand it.
>>> >   2. scaleability:
>>> >   there are more possibilities to scale with a 3 tier architecture than
>>> >   there are for CouchApps
>>> >
>>> > What do you think? Do you have a CouchApp running today in Production?
>>> > What's your experience so far?
>>> >
>>> > I'd be happy to summarize the opinions and put them up on the couchDB
>>> wiki
>>> > so that everybody can benefit from it.
>>> >
>>>
>>
>

Mime
View raw message