From user-return-31985-archive-asf-public=cust-asf.ponee.io@couchdb.apache.org Mon Jul 29 13:11:35 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 2DF3D18063F for ; Mon, 29 Jul 2019 15:11:35 +0200 (CEST) Received: (qmail 42117 invoked by uid 500); 29 Jul 2019 13:11:30 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 42105 invoked by uid 99); 29 Jul 2019 13:11:29 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Jul 2019 13:11:29 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 5D27B1A32C8 for ; Mon, 29 Jul 2019 13:11:29 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.802 X-Spam-Level: * X-Spam-Status: No, score=1.802 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, WEIRD_PORT=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id AQMmH_q3qy1o for ; Mon, 29 Jul 2019 13:11:25 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.166.45; helo=mail-io1-f45.google.com; envelope-from=ddilushan@gmail.com; receiver= Received: from mail-io1-f45.google.com (mail-io1-f45.google.com [209.85.166.45]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 70E99BC922 for ; Mon, 29 Jul 2019 13:11:24 +0000 (UTC) Received: by mail-io1-f45.google.com with SMTP id i10so6466439iol.13 for ; Mon, 29 Jul 2019 06:11:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Eoozm10G+mcHxRm2eFobWQWm63tsKSXDlcpEKxc312Y=; b=ZtQ8UHT+HAhhrXN7PvOdBGZ/iIw21nnF7e7vNFGvOpEWZ5qZa11LB2w3faCVSjNDZb INpEEvXHQtxaW/N5u39wL7jWxLY8ig6vv+ZBagOXjDW39PI5Bsr1DqIyHh1/JTPZuD6W jXO+L5aT7Wqmpo2NotteEPu2DbKOxFUZ6sR0v/rnPxp5ltfRSc/eL2KnYCmK53Rzu+qM kwdko+zgXtdINfH3MsOCCv4EbEowcV9W/R/+PGOdkScCEqH3X6PQMGL6bDi+fw4SA6YN 8MpyszmoLMmgy3cb5l7w72t8hvYScNpLfFfDKCoSAMCKLHMWxIXw3bjE6sAwRgo/fs9n BzuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Eoozm10G+mcHxRm2eFobWQWm63tsKSXDlcpEKxc312Y=; b=j6TbWAO6gIVwsSTlW+lSVDwpLcLLzXybh3rkOKPOhWsZ2LzaJohVOC0uOCI8ohDiSG GU9CmFjZ+XRzXqg9/ni47DkixSrSe7jZWWC1xhqshzNoON55FkQMHUMUjGqhATv7BGzv zTpKkEM9dlxxvloDybGLagK7HSydY3ug5PrHBBecoq0F3i9/eVVT4FInzFvkgEu3Vd0k nJJT0R1c0yYB8p62EO4mQKeUUkudOKjqZRhA32XO8wYeE0qlQpsVaUS/L/57sRP1ok5Q 3vG6Ep36zY7AM7bCSmUeLg+Ba5ofSfGcWnpvVpx/vxp2jVQv8w/K4BwLZ1xx3aldabh1 9UaQ== X-Gm-Message-State: APjAAAXGIIYR+te9zmuO33AX5+O14Dau325ADt1C/CzeqO/M4B74PBsY IZXV9lV32ETaCMo3/gwSl7ugmw/DKLVUlQXpmMEtd0LEX0A= X-Google-Smtp-Source: APXvYqwSwukaobPocKuMFpN1HzraOhcOgsIWzqpYsRIjGnkHEfSArAzN+aKABQFKG8qVvIb9m3a0q6q9Va4JzpBaIkw= X-Received: by 2002:a5e:cb43:: with SMTP id h3mr4764666iok.252.1564405883525; Mon, 29 Jul 2019 06:11:23 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dilushan Delgoda Date: Mon, 29 Jul 2019 18:41:12 +0530 Message-ID: Subject: Re: Bind to localhost without require valid user To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary="000000000000f8dea7058ed1a059" --000000000000f8dea7058ed1a059 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi. Thank you very much for your reply. I'm trying to replicate a database by putting a document to _replicator. And when i set source and target "http://admin:password@localhost:5984/db" like this replication happening without any issue. But when i try without putting username and password "http://localhost:5984/db" replication not happening. Is there workaround to solve this? I don't want to put password in replication doc. And source, target and _replicator in same couchdb instance. This is because even a db user with view access can then log in and see the admin password which would compromise security. Best regards On Mon, Jul 29, 2019 at 3:19 PM Matteo Guadrini wrote: > I don't think we can do ... because, network traffic at a much lower leve= l > than the application. > The CouchDB server (frontend) sees GET / PUT / POST coming from a certain > ip. At this point, he asks the database specified in the url for the > request and the server itself will verify the security. > But there is no TCP / IP control at this level. Rather, you could make tw= o > servers, the first one responding only to localhost in AdminParty and the > second with the user and password and in bind on a private / public ip. T= he > second will receive the db in reply from the first. > It could be an idea... > > Matteo Guadrini > > ________________________________ > Da: Dilushan Delgoda > Inviato: luned=C3=AC 29 luglio 2019 10:29 > A: user@couchdb.apache.org > Oggetto: Bind to localhost without require valid user > > Is it possible to bind Couchdb to localhost without require valid user an= d > all other interfaces with require valid user setting. So when application > access through localhost that applications doesn't require username > password to Couchdb and applications access from external interfaces > require username password. > > -- > Regards, > Dilushan Delgoda > --=20 Regards, Dilushan Delgoda --000000000000f8dea7058ed1a059--