Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4F4CA110B2 for ; Fri, 21 Feb 2014 14:43:26 +0000 (UTC) Received: (qmail 66364 invoked by uid 500); 21 Feb 2014 14:43:24 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 66164 invoked by uid 500); 21 Feb 2014 14:43:22 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 66156 invoked by uid 99); 21 Feb 2014 14:43:21 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Feb 2014 14:43:21 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of myalphabetfamily@gmail.com designates 74.125.82.50 as permitted sender) Received: from [74.125.82.50] (HELO mail-wg0-f50.google.com) (74.125.82.50) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Feb 2014 14:43:15 +0000 Received: by mail-wg0-f50.google.com with SMTP id z12so2625792wgg.5 for ; Fri, 21 Feb 2014 06:42:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=wklfd21/a4vW6dmkuU6zRHwGSYX6v5FM/+8xQf9DLIo=; b=Plj44YTJRxD4QV/IZuZSLIOxFsHpLNN/iarSBu5VkjsNSAZPZxvh0nc/JSE0ha6uIQ DQ9RNP4rCrhMise6kCJujLWHCE0Au4iEFRqmNwX2Ux2+Mng4zUoUcbhW/Jpc5Zs7pzx3 Se62hnAxrSWJ08jFvKIfVuTpfhOhrVlMo6wLzBltNWPDiTFRtQaobwQjvfdTyzkX3SLT NxYK3enxjFHqwKv12mLvBn9wsUFH8z+Ml77qbKKBR5HLumeXmbVr7N+2D63ysmMLnuX1 7fFN2WATGJ2Un2SAyZP1aMiVLl91xs1XlIIsbmswnadgyQwBrBInhGRD/HBIGweh2YAH Xt9g== MIME-Version: 1.0 X-Received: by 10.194.62.243 with SMTP id b19mr7531434wjs.63.1392993775186; Fri, 21 Feb 2014 06:42:55 -0800 (PST) Received: by 10.194.37.234 with HTTP; Fri, 21 Feb 2014 06:42:55 -0800 (PST) Date: Fri, 21 Feb 2014 07:42:55 -0700 Message-ID: Subject: CouchDB security From: Ben Johnson To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=047d7b86d6be24f6bc04f2eba385 X-Virus-Checked: Checked by ClamAV on apache.org --047d7b86d6be24f6bc04f2eba385 Content-Type: text/plain; charset=ISO-8859-1 Hello, Thanks in advance for your humoring me on a few questions. I am new to this and learning. I read through the CouchDB guide on security and had a few followup questions. I am posting information to my CouchDB from a browser. I will put a few precautions and validations for the data in the browser but because of nature of the project users will not be required to log in. I am wondering without a log in, how secure should I feel about my database and someone overtaking it? Has someone done this with success? Can all of the data in the database be viewed and or modified from someone using curl and my servers address? Anything else that I should of thought about? The data is not sensitive but I still want to preserve its integrity. Thanks, Ben --047d7b86d6be24f6bc04f2eba385--