I have a couch database (with an admin and and an admin password defined) that's sitting behind an nginx proxy. The ngin proxy routes traffic between http://127.0.0.1:5984 on my VPS and the public address of http://my_domain_name/subdirectory_name. I want anonymous visitors to my website to be able to read from the database but not write to it.
While I can include validation functions in my design documents, this doesn't, as far as I can tell, prevent an anonymous person from sending a request like: curl -X PUT http://my_domain_name/subdirectory_name/my_database_name/ "some_new_doc_id" -d @some_json_file and thus writing a new document to the database. I can use an obscure name for the database, of course, but isn't there some better way? Am I missing something here? Thanks... Catherine
