Hi jim,
you could use together the couchdb vhosts feature and _rewrite of design
documents, and allow requests with a specific host header only, by using a
proxy(like haproxy) in front of couchdb as a kind of firewall.
This will allow then to use an empty rewrites.json file to completely
forbid
On 28 Jul 2015, at 02:39, jumbo jim jumboji...@gmail.com wrote:
Hi,
It is possible to disable the _all_docs feature by editing the local.ini
and entering the following -
[httpd_db_handlers]
_all_docs =
However, I then realised that a user could basically get a full listing of
all
Hi Jim,
I don't know of a way to do this using simply couchdb. Probably the best
(standard?) way to ensure that only the pieces of the API are available
which you want is to use a reverse proxy, e.g. nginx. Indeed, it is much
easier and safer to explicitly turn on the things you want, then to
To clarify, I am using middleware and am not presenting the api or futon
directly to end user.
When it comes to security, I tend to turn everything off by default, and
then only permitting what I want to trickle through. The middleware uses a
non-admin account. However, this middleware has no
Hi,
It is possible to disable the _all_docs feature by editing the local.ini
and entering the following -
[httpd_db_handlers]
_all_docs =
However, I then realised that a user could basically get a full listing of
all documents by requesting _changes. So, I now use -
[httpd_db_handlers]