incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stanley Iriele <siriele...@gmail.com>
Subject Re: Disabling doc include
Date Thu, 02 Jan 2014 18:49:10 GMT
Well..thanks for that I didn't realize that. The solution I was suggesting
would have been places behind a reverse proxy of course
On Jan 2, 2014 1:12 PM, "Jan Lehnardt" <jan@apache.org> wrote:

>
> On 01 Jan 2014, at 23:32 , Stanley Iriele <siriele2x3@gmail.com> wrote:
>
> > Can't you just use vhosts and rewrites to take care of that?...
> Also...you
> > could use list functions to ad an extra step yo do anything you want with
> > the results of a view before sending it to a client
>
> vhosts are using the `Host` header in HTTP requests. While mandatory in
> HTTP 1.1, CouchDB will happily answer to HTTP 1.0 requests without a `Host`
> header and will serve the default `/` URL and any subsequent one.
>
> Do not use CouchDB vhosts as a security mechanism.
>
> Best
> Jan
> --
>
>
>
>
> > On Jan 1, 2014 3:47 PM, "Jens Alfke" <jens@couchbase.com> wrote:
> >
> >>
> >> On Dec 31, 2013, at 1:44 AM, meredrica <stuff@meredrica.org> wrote:
> >>
> >>> I expose CouchDB directly to mobile clients and wanted to hide some
> >>> information from them.
> >>
> >> You can’t really do that; there’s no notion of read-protection in
> CouchDB.
> >> As a workaround you can put CouchDB behind a proxy or gateway, and
> >> restrict the URL patterns that clients are allowed to send.
> >>
> >> —Jens
> >>
> >>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message