incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@couchbase.com>
Subject Re: CouchDB security
Date Fri, 21 Feb 2014 16:53:00 GMT

On Feb 21, 2014, at 6:42 AM, Ben Johnson <myalphabetfamily@gmail.com> wrote:

> I will put a few
> precautions and validations for the data in the browser but because of
> nature of the project users will not be required to log in.

Validation in the browser is just a convenience for the user. The real validation has to be
on the server.

>  Can all of the data in
> the database be viewed and or modified from someone using curl and my
> servers address?

If you want anonymous access from a browser, then your database can be viewed anonymously,
yes.
You can restrict modifications using a validation function. Anyone will still be able to modify
the database using curl, but at least they can only post valid data. And it’s pretty easy
to make the validation function reject overwriting or deleting documents.

—Jens
Mime
View raw message