couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <m...@jan.io>
Subject Re: Bind to localhost without require valid user
Date Mon, 29 Jul 2019 13:22:46 GMT
Only other admins can see admin's credentials in relocation docs.

Regular users can only see their own replication docs. 

Cheers
Jan
—

> On 29. Jul 2019, at 15:11, Dilushan Delgoda <ddilushan@gmail.com> wrote:
> 
> Hi.
> 
> Thank you very much for your reply.
> 
> I'm trying to replicate a database by putting a document to _replicator.
> And when i set source and target "http://admin:password@localhost:5984/db"
> like this replication happening without any issue. But when i try without
> putting username and password "http://localhost:5984/db" replication not
> happening. Is there workaround to solve this? I don't want to put password
> in replication doc. And source, target and _replicator in same couchdb
> instance.
> 
> This is because even a db user with view access can then log in and see the
> admin password which would compromise security.
> 
> Best regards
> 
> On Mon, Jul 29, 2019 at 3:19 PM Matteo Guadrini <matteo.guadrini@hotmail.it>
> wrote:
> 
>> I don't think we can do ... because, network traffic at a much lower level
>> than the application.
>> The CouchDB server (frontend) sees GET / PUT / POST coming from a certain
>> ip. At this point, he asks the database specified in the url for the
>> request and the server itself will verify the security.
>> But there is no TCP / IP control at this level. Rather, you could make two
>> servers, the first one responding only to localhost in AdminParty and the
>> second with the user and password and in bind on a private / public ip. The
>> second will receive the db in reply from the first.
>> It could be an idea...
>> 
>> Matteo Guadrini
>> 
>> ________________________________
>> Da: Dilushan Delgoda <ddilushan@gmail.com>
>> Inviato: lunedì 29 luglio 2019 10:29
>> A: user@couchdb.apache.org <user@couchdb.apache.org>
>> Oggetto: Bind to localhost without require valid user
>> 
>> Is it possible to bind Couchdb to localhost without require valid user and
>> all other interfaces with require valid user setting. So when application
>> access through localhost that applications doesn't require username
>> password to Couchdb and applications access from external interfaces
>> require username password.
>> 
>> --
>> Regards,
>> Dilushan Delgoda
>> 
> 
> 
> -- 
> Regards,
> Dilushan Delgoda


Mime
View raw message