incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: require admin for temporary view?
Date Tue, 21 Feb 2012 22:12:21 GMT
To disable it server-wide with;

curl localhost:5984/_config/httpd_db_handlers/_temp_view -X DELETE

B.

On 21 February 2012 22:07, Sam Bisbee <sam@sbisbee.com> wrote:
> On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes
> <kevin.r.coombes@gmail.com> wrote:
>> Our local sysadmins (who are doing their best to train me to be paranoid)
>> raised a question about couchdb applications. They  are worried about the
>> potential for DoS attacks (and if they had their way, would disable all POST
>> and PUT commands on everything...).
>>
>> Is it possible to configure the server to require admin (or at least
>> database admin) credentials in order to post a temporary view? Is it
>> desirable?
>
> If this is a production system then I would just disable temporary
> views altogether, but leave them enabled on developer boxes/servers.
> You should not be using temporary views for anything other than
> development, using something like couchdb-lucene instead for adhoc
> queries (https://github.com/rnewson/couchdb-lucene).
>
> Cheers,
>
> --
> Sam Bisbee

Mime
View raw message