incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sam Bisbee <...@sbisbee.com>
Subject Re: require admin for temporary view?
Date Tue, 21 Feb 2012 22:07:24 GMT
On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes
<kevin.r.coombes@gmail.com> wrote:
> Our local sysadmins (who are doing their best to train me to be paranoid)
> raised a question about couchdb applications. They  are worried about the
> potential for DoS attacks (and if they had their way, would disable all POST
> and PUT commands on everything...).
>
> Is it possible to configure the server to require admin (or at least
> database admin) credentials in order to post a temporary view? Is it
> desirable?

If this is a production system then I would just disable temporary
views altogether, but leave them enabled on developer boxes/servers.
You should not be using temporary views for anything other than
development, using something like couchdb-lucene instead for adhoc
queries (https://github.com/rnewson/couchdb-lucene).

Cheers,

--
Sam Bisbee

Mime
View raw message