On Monday, August 21, 2017 at 11:37:25 AM UTC-4, Dragon Cotterill wrote:
>> For what it's worth, my set-up does work properly and my CouchDB runs over 
>> a TLS connection so it's a pretty secure set-up.
>
> Runs over TLS on a connection that doesn't use certificate pinning, so 
> it's not as secure as you think it is. 

It is as secure as I think it is. That is why I said "pretty secure" 
instead of "secure". I'm aware of the issues when pinning is not enabled. 
As CouchDB does not support it, I can't do much at this time. In any case, 
this is both a hobby and a test case.

I also (currently) don't have back-ups of the CouchDB database(s) or a 
restore strategy. I haven't put the CouchDB server in a jail. I haven't 
decided if server-side encryption would offer any real benefit. I haven't 
enabled mandatory access controls on the server to further restrict access 
to the data. I haven't got a web application firewall in place yet. I have 
a very primitive IDS in place. "Pretty secure" is not "production ready" 
but is, in my opinion, "hobby ready". Oh, and it's currently running on my 
home (DHCP assigned) address, which changes about once a week.
