> On 12 Feb 2015, at 11:44, Alexander Shorin <[email protected]> wrote: > > On Thu, Feb 12, 2015 at 1:36 PM, Jan Lehnardt <[email protected]> wrote: >>> On 12 Feb 2015, at 09:51, Andy Wenk <[email protected]> wrote: >>> >>> Alex, >>> >>> this is the marketing list. It is applicable that if you do not configure >>> CouchDB correctly you have security issues. All I want to say here is the >>> fact, that not only MongoDB has security leaks when not configured >>> correctly but also CouchDB (and mySQL, and PostgreSQL and ...). So it is >>> worth mentioning the findings by these students in the news by pointing to >>> their website or paper. >>> >>> You are welcome to write an article or blog post about how to secure >>> CouchDB and which mechanisms are offered. Maybe also in comparison with >>> MongoDB. Would be extremely cool to then point to the article. >> >> I remember writing such a thing, but I can’t recall where. Anyone remember? >> :) > > This one? > http://podefr.tumblr.com/post/30895595277/securing-couchdb-in-3-steps
Well, that wasn’t written by me, but this will do as a start. I want to make sure we communicate that a default CouchDB installation *is* secure and that we are thinking hard and long about how to not trick people into accidentally exposing their data. Because that’s what we do and always have done. > > > -- > ,,,^..^,,,
signature.asc
Description: Message signed with OpenPGP using GPGMail
