On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes <[email protected]> wrote: > Our local sysadmins (who are doing their best to train me to be paranoid) > raised a question about couchdb applications. They are worried about the > potential for DoS attacks (and if they had their way, would disable all POST > and PUT commands on everything...). > > Is it possible to configure the server to require admin (or at least > database admin) credentials in order to post a temporary view? Is it > desirable?
If this is a production system then I would just disable temporary views altogether, but leave them enabled on developer boxes/servers. You should not be using temporary views for anything other than development, using something like couchdb-lucene instead for adhoc queries (https://github.com/rnewson/couchdb-lucene). Cheers, -- Sam Bisbee
