Thanks for the quick reply. Can you elaborate why this isn't recommended?
The alternative is embedding usernames and passwords somewhere in the front-end app, or container, or elsewhere.. In comparison to MySQL, it might be less secure.. since in theory with MySQL, you can limit access to localhost for specific users, but this doesn't appear possible with CouchDB, so if someone got the credentials, it would be game over if the server has any kind of publicly visible CouchDB (which would be the norm for a global cluster) instance. The model that feels good to me, is to have completely open access via a socket or localhost, and then a public API protected by a public/private key and an iptables rule. But this might not fit well with CouchDB? Thanks Samuel On 29 October 2016 at 02:52, Jan Lehnardt <[email protected]> wrote: > This is not recommended. > > Best > Jan > -- > >> On 28 Oct 2016, at 14:40, Samuel Williams <[email protected]> >> wrote: >> >> Is this possible? Desirable? We use this model when deploying MySQL >> and it works very well. > > -- > Professional Support for Apache CouchDB: > https://neighbourhood.ie/couchdb-support/ >
