To disable it server-wide with; curl localhost:5984/_config/httpd_db_handlers/_temp_view -X DELETE
B. On 21 February 2012 22:07, Sam Bisbee <[email protected]> wrote: > On Tue, Feb 21, 2012 at 5:01 PM, Kevin R. Coombes > <[email protected]> wrote: >> Our local sysadmins (who are doing their best to train me to be paranoid) >> raised a question about couchdb applications. They are worried about the >> potential for DoS attacks (and if they had their way, would disable all POST >> and PUT commands on everything...). >> >> Is it possible to configure the server to require admin (or at least >> database admin) credentials in order to post a temporary view? Is it >> desirable? > > If this is a production system then I would just disable temporary > views altogether, but leave them enabled on developer boxes/servers. > You should not be using temporary views for anything other than > development, using something like couchdb-lucene instead for adhoc > queries (https://github.com/rnewson/couchdb-lucene). > > Cheers, > > -- > Sam Bisbee
