Date: Tue, 5 May 2015 15:50:45 +0200
Subject: Re: SmileUpps Features (Was: How do CouchApps fit into the CouchDB story? (Was: CouchDB Articles, Pills and Tutorials Ideas))
From: Giovanni Lenzi
To: marketing@couchdb.apache.org

> CouchDB has no way of blocking requests to _changes that have no filter parameter

Why? The _rewrite handler is used to allow only requests complying with your API, and therefore preventing requests to changes without a filter. You can have a look at the rewrites.json file for this.

I agree a proxy is a best practice as a load balancer and to forward only requests to allowed vhosts, like Smileupps, Iriscouch or Cloudant are all doing, even if it's not strictly mandatory for security.

Anyway, I was not interested here in raising this kind of technical discussion. My starting e-mail only wanted to be constructive, by proposing a way to push content around CouchDB and Couchapps, to help everyone understand what they really can and cannot do.

2015-05-05 15:21 GMT+02:00 Jan Lehnardt :

>
> > On 05 May 2015, at 15:14, Giovanni Lenzi wrote:
> >
> >> That happens in a proxy outside of CouchDB then?
> >
> > No, it happens in the changes filter of the design document.
>
> You cannot force a client to use a filter. CouchDB has no way of blocking
> requests to _changes that have no filter parameter. If you are not doing
> that in a proxy, your system is not secure.
>
> Best
> Jan
> --
> Professional Support for Apache CouchDB:
> http://www.neighbourhood.ie/couchdb-support/
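
An added example, not from this thread or from the CouchDB project: the kind of check a reverse proxy in front of CouchDB could apply so that `_changes` is only forwarded when it carries an allowlisted `filter` parameter, which is the control the quoted reply says must live outside the design document. The function name and the filter name `app/by_owner` are hypothetical, and the request targets are constructed.

```python
from urllib.parse import urlsplit, unquote, parse_qs

# Assumption: the filters the application publishes, as "designdoc/filtername".
# "app/by_owner" is a hypothetical name, not one taken from the thread.
ALLOWED_FILTERS = frozenset({"app/by_owner"})


def changes_request_allowed(method, target, allowed=ALLOWED_FILTERS):
    """Return True if a proxy should forward this request to CouchDB.

    Only the _changes rule is decided here; any request that is not a
    changes feed returns True and is left to the proxy's other rules.
    """
    parts = urlsplit(target)
    # Decode every path segment so "%5Fchanges" is treated like "_changes".
    segments = [unquote(s) for s in parts.path.split("/") if s]
    if "_changes" not in segments:
        return True
    if method not in ("GET", "POST"):
        return False
    filters = parse_qs(parts.query, keep_blank_values=True).get("filter", [])
    # Require exactly one filter value: a repeated parameter is ambiguous,
    # because proxy and backend may not pick the same occurrence.
    if len(filters) != 1:
        return False
    # Allowlist match. Built-in filters such as "_doc_ids" are refused too,
    # since they would replace the application's own filter function.
    return filters[0] in allowed


# Constructed request targets covering the cases discussed in the thread.
SAMPLES = [
    ("GET", "/db/_changes?filter=app/by_owner&feed=continuous"),
    ("GET", "/db/_changes"),
    ("GET", "/db/%5Fchanges?feed=longpoll"),
    ("GET", "/db/_changes?filter=_doc_ids"),
    ("GET", "/db/_changes?filter=app/by_owner&filter=_doc_ids"),
    ("GET", "/db/some_document"),
]

if __name__ == "__main__":
    for method, target in SAMPLES:
        verdict = "forward" if changes_request_allowed(method, target) else "reject"
        print(f"{verdict:8} {method} {target}")
```

The check only establishes that an approved filter is named; what that filter lets each caller see still depends on the filter function and on CouchDB's own authentication.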