Hi everyone, I would like to write down some ideas I had, because there is high probability I'm going to forgot them soon :)
This idea targets a secure use of CouchDB, even when you don't have a proxy in front of it. Given that: 1. the main security concern in the past was related to accessing couchdb root directly, which allowed access to _all_docs, _changes, _all_dbs or others global and db handlers 2. ddocs rewriting rules can be used fairly well to implement security, selectively preventing access to any kind of handler I am asking myself if, in the event the developer wants to access his instance through a "vhost/url rewriting document", is it possible to prevent any request with a wrong header? Where wrong header could be translated both in "host header not specified" or "specified header is not included in vhost configuration section" Maybe a "default vhost path" variable (initially defaulting to "/" or empty) could be used as default "url rewriting document path" in case of wrong Host headers? Will this address the purpose above? Is it possible to implement? -- Giovanni Lenzi www.smileupps.com Smileupps Cloud App Store
