From user-return-19888-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org  Tue Feb 21 22:16:40 2012
Return-Path: <user-return-19888-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id AC1989F0D
	for <apmail-couchdb-user-archive@www.apache.org>; Tue, 21 Feb 2012 22:16:40 +0000 (UTC)
Received: (qmail 85287 invoked by uid 500); 21 Feb 2012 22:16:39 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 85244 invoked by uid 500); 21 Feb 2012 22:16:39 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 85236 invoked by uid 99); 21 Feb 2012 22:16:39 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Feb 2012 22:16:39 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=FSL_RCVD_USER,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of kevin.r.coombes@gmail.com designates 209.85.161.180 as permitted sender)
Received: from [209.85.161.180] (HELO mail-gx0-f180.google.com) (209.85.161.180)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Feb 2012 22:16:32 +0000
Received: by ggnr1 with SMTP id r1so3817815ggn.11
        for <user@couchdb.apache.org>; Tue, 21 Feb 2012 14:16:12 -0800 (PST)
Received-SPF: pass (google.com: domain of kevin.r.coombes@gmail.com designates 10.101.51.12 as permitted sender) client-ip=10.101.51.12;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of kevin.r.coombes@gmail.com designates 10.101.51.12 as permitted sender) smtp.mail=kevin.r.coombes@gmail.com; dkim=pass header.i=kevin.r.coombes@gmail.com
Received: from mr.google.com ([10.101.51.12])
        by 10.101.51.12 with SMTP id d12mr11595274ank.69.1329862572374 (num_hops = 1);
        Tue, 21 Feb 2012 14:16:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=message-id:date:from:organization:user-agent:mime-version:to:cc
         :subject:references:in-reply-to:content-type
         :content-transfer-encoding;
        bh=TXvzdsfFlblLvhuJpeHJTpCiQOcu2hgeBlBVcTzUFWk=;
        b=Z2gwGQlHRg/qnuTW7uf20jAzopKtW3XUKBgoW9UskP/TrpK4zU3yNVP0aOPOPjPH0d
         g1L6yr/YW8UmY1FlAZnyi3NIPAGsiYiaO9UZ3Icih0hOkIqdhmE+MaDeg0p2NXZD89Tq
         JCyHa+2b1u9k2CnIjG1ZiJavwGCmy9Ya6O5/4=
Received: by 10.101.51.12 with SMTP id d12mr9002571ank.69.1329862572322;
        Tue, 21 Feb 2012 14:16:12 -0800 (PST)
Received: from [10.105.35.136] ([143.111.22.28])
        by mx.google.com with ESMTPS id h36sm57411385yhj.6.2012.02.21.14.16.11
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 21 Feb 2012 14:16:11 -0800 (PST)
Message-ID: <4F4417AA.3030208@gmail.com>
Date: Tue, 21 Feb 2012 16:16:10 -0600
From: "Kevin R. Coombes" <kevin.r.coombes@gmail.com>
Organization: UT M.D. Anderson Cancer Center
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: user@couchdb.apache.org
CC: Sam Bisbee <sam@sbisbee.com>
Subject: Re: require admin for temporary view?
References: <4F441424.6010704@gmail.com> <CALpjNymHTaVXz5utHEUnuzNAGSK0yAR1M_9H+=GQXusz6n5rpQ@mail.gmail.com>
In-Reply-To: <CALpjNymHTaVXz5utHEUnuzNAGSK0yAR1M_9H+=GQXusz6n5rpQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

I don't use them myself for anything.  But the API defines them, so some 
rogue user could conceivably write the equivalent of
     for each document
         emit it a million times
and cripple the server.

When I google "couchdb disable temporary view", nothing particularly 
useful comes back. When you suggest disabling them, do you mean using a 
proxy to block them? Or is there a couch-specific way to configure the 
couch server to refuse them (either totally or conditionally on the 
provision of admin credentials)?

     Kevin

On 2/21/2012 4:07 PM, Sam Bisbee wrote:
> On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes
> <kevin.r.coombes@gmail.com>  wrote:
>> Our local sysadmins (who are doing their best to train me to be paranoid)
>> raised a question about couchdb applications. They  are worried about the
>> potential for DoS attacks (and if they had their way, would disable all POST
>> and PUT commands on everything...).
>>
>> Is it possible to configure the server to require admin (or at least
>> database admin) credentials in order to post a temporary view? Is it
>> desirable?
> If this is a production system then I would just disable temporary
> views altogether, but leave them enabled on developer boxes/servers.
> You should not be using temporary views for anything other than
> development, using something like couchdb-lucene instead for adhoc
> queries (https://github.com/rnewson/couchdb-lucene).
>
> Cheers,
>
> --
> Sam Bisbee