couchdb-marketing mailing list archives

From Giovanni Lenzi <g.le...@smileupps.com>
Subject Re: SmileUpps Features (Was: How do CouchApps fit into the CouchDB story? (Was: CouchDB Articles, Pills and Tutorials Ideas))
Date Tue, 05 May 2015 16:53:47 GMT
> I found a massive security concern

I still haven't heard of a single path for exploit, but ok... everyone will
remain with his own convictions

Thanks for your patience too


2015-05-05 17:09 GMT+02:00 Jan Lehnardt <jan@apache.org>:

>
> > On 05 May 2015, at 16:36, Giovanni Lenzi <g.lenzi@smileupps.com> wrote:
> >
> >> otherwise, again, the system is insecure (I helped build it that way).
> > To tell the truth, with handlers renaming or as soon as an attacker doesn't
> > know your db name, the system can still be secured without any proxy. However,
> > if proxy is really a concern, a fix to use CouchDB only, could eventually
> > be creating a new "default _rewrite path" parameter within couchdb
> > configuration, to be used as "default path" in case of request without or
> > with an incorrect "Host Header"
> >
> > Jan, trust me... All I'm doing here is to bring help with marketing,
> > tutorials and CouchDB improvements... I hope this can be recognized
>
> No worries, I 100% recognise your efforts.
>
> Thank you for being patient with me.
>
> My only concern was with understanding how your particular flavour of CouchApp
> works and I think I found a massive security concern. That’s why I won’t be
> advocating for this particular solution (not saying it can’t be, but it isn’t
> today).
>
> With that out of the way, let’s get back to the story part of this discussion.
>
> Thanks
> Jan
> --
>
>
> >
> >
> > 2015-05-05 15:57 GMT+02:00 Jan Lehnardt <jan@apache.org>:
> >
> >>
> >>> On 05 May 2015, at 15:50, Giovanni Lenzi <g.lenzi@smileupps.com> wrote:
> >>>
> >>>> CouchDB has no way of blocking requests to _changes that have no filter
> >>>> parameter
> >>> Why? _rewrite handler is used to allow only requests complying with your
> >>> api, and therefore preventing requests to changes without a filter. You
> >>> can have a look to rewrites.json file for this.
> >>>
> >>> I agree proxy is a best practice as a load balancer and to forward only
> >>> requests to allowed vhosts, like Smileupps, Iriscouch or Cloudant all are
> >>> doing, even if it's not strictly mandatory for security.
> >>>
> >>> Anyway, I was not interested here, in raising this kind of technical
> >>> discussion. My starting e-mail only wanted to be constructive, by proposing
> >>> a way to push content around CouchDB and Couchapps, to help everyone
> >>> understand what they really can and cannot do.
> >>
> >> I’m sorry to derail this, but I want to make sure I understand your system
> >> before I can argue for or against your claims :)
> >>
> >> Your point that CouchApps can be a platform is well taken, thank you for
> >> that!
> >>
> >> You equally can’t force a client to use a _request handler, only if you
> >> block requests without a Host: header in a proxy in front of CouchDB,
> >> otherwise, again, the system is insecure (I helped build it that way).
> >>
> >> Best
> >> Jan
> >> --
> >>
> >>
> >>>
> >>>
> >>> 2015-05-05 15:21 GMT+02:00 Jan Lehnardt <jan@apache.org>:
> >>>
> >>>>
> >>>>> On 05 May 2015, at 15:14, Giovanni Lenzi <g.lenzi@smileupps.com> wrote:
> >>>>>
> >>>>>> That happens in a proxy outside of CouchDB then?
> >>>>>
> >>>>> No, it happens in the changes filter of the design document.
> >>>>
> >>>> You cannot force a client to use a filter. CouchDB has no way of blocking
> >>>> requests to _changes that have no filter parameter. If you are not doing
> >>>> that in a proxy, your system is not secure.
> >>>>
> >>>> Best
> >>>> Jan
> >>>> --
> >>>> Professional Support for Apache CouchDB:
> >>>> http://www.neighbourhood.ie/couchdb-support/
> >>>>
> >>>>
> >>
> >> --
> >> Professional Support for Apache CouchDB:
> >> http://www.neighbourhood.ie/couchdb-support/
> >>
> >>
>
> --
> Professional Support for Apache CouchDB:
> http://www.neighbourhood.ie/couchdb-support/
>
>
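
Added example, not part of the thread and not code from CouchDB or Smileupps: a Python sketch of the two checks the thread says a front proxy would have to make, namely refusing requests with a missing or unknown Host header and refusing _changes requests that carry no filter. It goes one step beyond the thread by also pinning the filter to an allow-list. The vhost name, the filter name and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample values (assumptions, not taken from the thread).
ALLOWED_HOSTS = {"app.example.com"}   # vhosts the proxy forwards to CouchDB
ALLOWED_FILTERS = {"app/by_user"}     # design-doc filters clients may use


def proxy_decision(headers, target):
    """Return (forward, reason) for one request as a front proxy sees it.

    headers: dict of header name -> value
    target:  request target, e.g. "/db/_changes?filter=app/by_user"
    """
    # Header names are case-insensitive; a missing header becomes "".
    host = next((v for k, v in headers.items() if k.lower() == "host"), "")
    # Drop an optional port, normalise case and a trailing dot.
    host = host.strip().lower().rsplit(":", 1)[0].rstrip(".")
    if host not in ALLOWED_HOSTS:
        # Fail closed: without a known vhost no _rewrite rule is guaranteed
        # to apply, which is the case discussed in the thread.
        return False, "missing or unknown Host header"

    parts = urlsplit(target)
    # Decode percent-escapes before matching so "%5Fchanges" is not missed.
    segments = [unquote(s) for s in parts.path.split("/") if s]
    if "_changes" in segments:
        # parse_qs drops empty values, so "filter=" counts as no filter.
        filt = parse_qs(parts.query).get("filter", [])
        if len(filt) != 1:
            return False, "_changes needs exactly one filter parameter"
        if filt[0] not in ALLOWED_FILTERS:
            return False, "filter not on the allow-list"
    return True, "ok"


if __name__ == "__main__":
    ok_host = {"Host": "app.example.com"}
    for hdrs, tgt in [({}, "/db/_changes?filter=app/by_user"),
                      (ok_host, "/db/_changes"),
                      (ok_host, "/db/_changes?filter=app/by_user")]:
        print(hdrs, tgt, proxy_decision(hdrs, tgt))
```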
