incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Schmidt <>
Subject Is the CouchDB users database secure?
Date Tue, 16 Jul 2013 23:08:36 GMT
While reading the docs ( ) I saw 
that the users database, which includes 
username and password, is publicly accessible 
for everyone. Couldn't an attacker use this to 
create a list of all username-password pairs? 
Wouldn't it be more secure to use a server side 
function which validates the password without 
giving the users db directly to everyone? Or am I 
just too paranoid?


  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message