couchdb-marketing mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: For next NEWS - MongoDB security
Date Thu, 12 Feb 2015 10:46:52 GMT

> On 12 Feb 2015, at 11:44, Alexander Shorin <kxepal@gmail.com> wrote:
> 
> On Thu, Feb 12, 2015 at 1:36 PM, Jan Lehnardt <jan@apache.org> wrote:
>>> On 12 Feb 2015, at 09:51, Andy Wenk <andywenk@apache.org> wrote:
>>> 
>>> Alex,
>>> 
>>> this is the marketing list. It is applicable that if you do not configure
>>> CouchDB correctly you have security issues. All I want to say here is the
>>> fact, that not only MongoDB has security leaks when not configured
>>> correctly but also CouchDB (and mySQL, and PostgreSQL and ...). So it is
>>> worth mentioning the findings by these students in the news by pointing to
>>> their website or paper.
>>> 
>>> You are welcome to write an article or blog post about how to secure
>>> CouchDB and which mechanisms are offered. Maybe also in comparison with
>>> MongoDB. Would be extremely cool to then point to the article.
>> 
>> I remember writing such a thing, but I can’t recall where. Anyone remember? :)
> 
> This one?
> http://podefr.tumblr.com/post/30895595277/securing-couchdb-in-3-steps

Well, that wasn’t written by me, but this will do as a start.

I want to make sure we communicate that a default CouchDB installation *is*
secure and that we are thinking hard and long about how to not trick people
into accidentally exposing their data. Because that’s what we do and always
have done.

> 
> 
> --
> ,,,^..^,,,


Mime
View raw message