On Sat, 2009-10-03 at 17:02 +0200, Florian Ludwig wrote: > Hi > > i dig a little into couchdb/desktop-couch and am wondering about > security. Did I understand it right that desktop-couch starts couchdb on > a random port without any password requirements, bound to 127.0.0.1? > While not being attackable from the outside, still every program > regardless which users runs it can read my contact list? Or did I got > something wrong? > yes, you missed the OAuth authentication that is enabled by default in desktopcouch. All couchdb HTTP requests need to be signed with the OAuth signature. For remote servers, you can set it up also with OAuth, or with simple username/password credentials
_______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
