On Mon, Mar 15, 2010 at 1:26 PM, Jan Lehnardt <[email protected]> wrote:
>
> On 15 Mar 2010, at 12:21, Paul Davis wrote:
>
>>> Apache CouchDB discussions must happen on a mailing list.
>>
>> Hence, this thread. XD
>>
>> [11:25] <benoitc> mmmm
>> [11:26] <benoitc> about Host header and vhost
>> [11:26] <benoitc> couldn't we simply forbid messages without Host ?
>> [11:26] <davisp> benoitc: sounds like a config option
>> [11:26] <benoitc> yup
>> [11:27] <benoitc> that would solve the need of a proxy for some uses I guess
>> [11:27] <benoitc> with a default virtualhost to nothing
>> [11:28] <benoitc> (or an info page)
>> [11:28] <davisp> Oh, maybe that's a better config options,
>> "defualt_vhost" like most web servers use
>> [11:28] <benoitc> yes right
>> [11:30] <benoitc> mmm i could implement that anything against ?
>> [11:32] <davisp> Sounds like a question for dev@
>
> Thanks. :)
>
>
>> I don't think this discussion should have anything to do with
>> security. A rewrite/vhost configuration is not a substitute for a
>> proper security system.
>
> Exactly. Hence advertising it for "hiding the API" makes me feel
> uncomfortable.

Indeed. Perhaps just calling it what it is might be best. To me it
clicked when I thought about it in terms of web server configurations.

> Cheers
> Jan
> --
