Heya Paul, all good questions, I think you’d have to ask the Bitnami folks about this specifically, or hire someone (*cough*) to make an external assessment.
Best Jan -- > On 23. May 2017, at 14:21, Paul Hammant <[email protected]> wrote: > > https://bitnami.com/stack/couchdb > > One click* will get you a couch instance in Google or Amazon's infra. At > least in Google's case they handle SSL off in the tier above ... but what > else has been hardened about these ? > Does anyone know? > Is there a couch_vulns.sh script one can run against a couch install to > look for issues? > > Although WannaCry was in the news last week, Couch was too in Jan - > http://www.pcworld.com/article/3159527/security/attackers-start-wiping-data-from-couchdb-and-hadoop-databases.html > , > https://lists.apache.org/thread.html/5bfd5b30613ac918276bab64a01f00cb451a19624a212b288ffe43b5@%3Cdev.couchdb.apache.org%3E > and a consequential blog entry from this group that I can't find right now. > > - Paul > > * not really one click, but close. -- Professional Support for Apache CouchDB: https://neighbourhood.ie/couchdb-support/
