On 15 Mar 2010, at 12:21, Paul Davis wrote:

>> Apache CouchDB discussions must happen on a mailing list.
>
> Hence, this thread. XD
>
> [11:25] <benoitc> mmmm
> [11:26] <benoitc> about Host header and vhost
> [11:26] <benoitc> couldn't we simply forbid messages without Host ?
> [11:26] <davisp> benoitc: sounds like a config option
> [11:26] <benoitc> yup
> [11:27] <benoitc> that would solve the need of a proxy for some uses I guess
> [11:27] <benoitc> with a default virtualhost to nothing
> [11:28] <benoitc> (or an info page)
> [11:28] <davisp> Oh, maybe that's a better config options,
> "defualt_vhost" like most web servers use
> [11:28] <benoitc> yes right
> [11:30] <benoitc> mmm i could implement that anything against ?
> [11:32] <davisp> Sounds like a question for dev@

Thanks. :)

> I don't think this discussion should have anything to do with
> security. A rewrite/vhost configuration is not a substitute for a
> proper security system.

Exactly. Hence advertising it for "hiding the API" makes me feel uncomfortable.

Cheers
Jan
--
