incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Wed, 06 Mar 2013 18:42:28 GMT
Don't grant users access to databases you don't want them to read. :)

http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization

B.

On 6 March 2013 12:33, Mark Hahn <mark@hahnca.com> wrote:
> Anyone logged in can read any document in the DB.  I have to check each
> user and what they are trying to do to block illegal actions.
>
>
> On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnewson@apache.org> wrote:
>
>> "How does everyone solve the security issue?"
>>
>> What security problem? Only administrators can modify design documents.
>>
>> B.
>>
>> On 6 March 2013 11:38, Aurélien Bénel <aurelien.benel@utt.fr> wrote:
>> > Hi,
>> >
>> >> just out of curiosity, would like to hear how CouchDB is being used in
>> your web environment....
>> >
>> > We have two main setups:
>> > - CouchApps,
>> > - REST APIs used by heavy clients (Java or Firefox extensions) and
>> attached Web applications.
>> >
>> >> How does everyone solve the security issue?
>> >
>> > We always use CouchDB behind a reverse proxy to add LDAP authentication
>> and authorization when needed.
>> >
>> >
>> > Regards,
>> >
>> > Aurélien
>>

Mime
View raw message