incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Copenhaver <sean.copenha...@gmail.com>
Subject Re: Curiosity how you use CouchDB in your web env.
Date Wed, 06 Mar 2013 20:05:06 GMT
I've made a site that was only a couchapp and enjoyed the experience quite
a bit. I've also used it for internal tooling to store data and to host
mini couchapps for search or utility pages.

In all cases though security of data (at least I didn't care who could read
the data)  was not a requirement and I've greatly enjoyed my experiences. I
would love to play around with gardener along with an OS daemon to try a
tightly coupled nodejs + couchdb setup. Would also love to see CouchDB
hosts to offer such things as well.



On Wed, Mar 6, 2013 at 2:51 PM, Dan Santner <dansantner@me.com> wrote:

> I think it's brilliant as just a database and no more.  So that's how I
> use it.  I have a similar setup to your #2.  Perhaps that just because I
> feel most comfortable with that type of setup.  This way I don't burden
> couch with anything security related.  It just eats and serves docs.  My
> app tier handles the access control and other tasks like email or any other
> services over the net that I need to use.
>
>
> On Mar 6, 2013, at 1:27 PM, Wendall Cada <wendallc@83864.com> wrote:
>
> > We use couchdb in two configurations.
> >
> > 1. As a couchapp serving content for basic consumption. (For a url
> shortener service)
> > 2. As a database on localhost behind pylons or pyramid.
> >
> > To address the security question. We've been using couchdb for long
> enough that it didn't have any security when we started using it in
> production (0.8). Up until recently _users was a somewhat insecure feature.
> It's only been with the release of 1.2.0 that _users is handled securely.
> >
> > For our needs, couchdb still does not have robust enough acls for any of
> our applications, so for now, it needs to run behind our app servers. I see
> changes for this on the roadmap, but until this actually happens, couchdb
> will happily sit on localhost serving docs.
> >
> > I'm not sure why it isn't understood that based on it's history, CouchDB
> has mostly been used as a database. I know people want it to be an app
> server, but, in my opinion, that's the weakest part of the entire system.
> >
> > Wendall
> >
> > On 03/06/2013 09:51 AM, Robert Newson wrote:
> >> "How does everyone solve the security issue?"
> >>
> >> What security problem? Only administrators can modify design documents.
> >>
> >> B.
> >>
> >> On 6 March 2013 11:38, Aurélien Bénel <aurelien.benel@utt.fr> wrote:
> >>> Hi,
> >>>
> >>>> just out of curiosity, would like to hear how CouchDB is being used
> in your web environment....
> >>> We have two main setups:
> >>> - CouchApps,
> >>> - REST APIs used by heavy clients (Java or Firefox extensions) and
> attached Web applications.
> >>>
> >>>> How does everyone solve the security issue?
> >>> We always use CouchDB behind a reverse proxy to add LDAP
> authentication and authorization when needed.
> >>>
> >>>
> >>> Regards,
> >>>
> >>> Aurélien
> >
>
>


-- 
“The limits of language are the limits of one's world. “ - Ludwig von
Wittgenstein

"Water is fluid, soft and yielding. But water will wear away rock, which is
rigid and cannot yield. As a rule, whatever is fluid, soft and yielding
will overcome whatever is rigid and hard. This is another paradox: what is
soft is strong." - Lao-Tzu

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message