Re: Publisher account for CouchDB snap

2017-01-20 Thread Eli Stevens (Gmail)
Ah, great. I'll be the first to admit I haven't done a deep dive on the docs yet. Given what you just wrote, the only issue that I can see remaining is that the majority of our systems are behind hospital firewalls, unable to reach the open internet. We provide system updates by handing our

Re: Publisher account for CouchDB snap

2017-01-20 Thread mhall119
Hi Eli, Enterprise servers, clouds and industrial IoT are a major focus for snaps, perhaps more so than desktop. As I understand it you're making a medical device, right? In this use case we have a special class of snaps called "gadget snaps" which enable the specific hardware your product is

Proposal: Computed Indices in Mango Query Server

2017-01-20 Thread Norbert Nemec
Hi there, I am quite new to the world of CouchDB and I know that this is quite a fundamental proposal, but I very much hope that it will still be received and discussed openly: The Mango Query Server aims at offering a simpler alternative to MapReduce queries. As it stands now, it is also

Re: ransom note - couchdb exploit / privilege escalation ?

2017-01-20 Thread Robert Newson
A reminder that the security sensitive discussion with Vivek is happening elsewhere. We don't want to reveal any issue that might be found until we have a fix, if it turns out to be an avoidable fault in couchdb. The discussion of improved 3.0 defaults can continue here or in a new thread.

Re: ransom note - couchdb exploit / privilege escalation ?

2017-01-20 Thread Thomas Guillet
@Paul: I agree, it is pretty straightforward to have some basic settings on. Could we rely on the cluster_setup endpoint to secure the instance? If that is considered to be the first 'mandatory step' of a live instance, it would be nice as an almost out-of-the-box secure set up. (Plus, you can

Re: [NEWS] The CouchDB weekly news for January 19 is out!

2017-01-20 Thread Andy Wenk
Hello Diana, I am sorry to hear that you have problems unsubscribing or, even more serious, you never gave permissions to be added. Please understand nevertheless that we do not unsubscribe any people from our mailing lists “by hand”. Please follow the unsubscribe steps as explained here:

Re: ransom note - couchdb exploit / privilege escalation ?

2017-01-20 Thread Paul Hammant
> > tee-hee, that was my wishful thinking, less actual planning :) > > As usual, there is no estimate for now. > Don't worry - my open source commitments slip by five years at a time, but I thought I'd ask just in case. It might be better to focus on a series of post-install scripts for 2.x that

Re: ransom note - couchdb exploit / privilege escalation ?

2017-01-20 Thread Jan Lehnardt
> On 20 Jan 2017, at 12:32, Paul Hammant wrote: > > Hey Jan. In a thread "CouchDB Next" in Sept, Couch DB 3.0 was thought to be > 3-6 months in the future. What's the current thinking? tee-hee, that was my wishful thinking, less actual planning :) As usual, there is no

Re: ransom note - couchdb exploit / privilege escalation ?

2017-01-20 Thread Paul Hammant
Hey Jan. In a thread "CouchDB Next" in Sept, Couch DB 3.0 was thought to be 3-6 months in the future. What's the current thinking? - Paul On Fri, Jan 20, 2017 at 6:09 AM, Jan Lehnardt wrote: > Hi Thomas, > > thank you for offering to help. We first need to find out what is

Re: ransom note - couchdb exploit / privilege escalation ?

2017-01-20 Thread Jan Lehnardt
Hi Thomas, thank you for offering to help. We first need to find out what is going on at all, so we can do the right thing. We’ve already prepared many things to move away from Admin Party by default in 3.0. > Plus to mitigate risk (and limit interest), Fauxton should be > minimalist (Once out of

Re: ransom note - couchdb exploit / privilege escalation ?

2017-01-20 Thread Thomas Guillet
Hi all, That is annoying... Good to read you have some backups and won't be too impacted by this issue. I think it is important to make sure that a CouchDB instance (port 6984 or port 5984 behind an SSL proxy) is safe to expose to the wild. In a way, that is related to Paul Hammant's email "Admin