On Sep 6, 2012, at 4:54 PM, Eduardo Scoz <[email protected]> wrote:
> Is there a list somewhere of all the possible requests that couchdb accepts > (like _changes, _all_docs, etc)? Blocking all requests by default and > making only the few things I would like to have available could be a > possibility. Not really. The reference I usually use is this one in the wiki[1], but it’s incomplete; I’ve added details as I discover them, but I’m sure there are other things missing. Your approach of whitelisting might be the best way to do it, especially since the db on the server will only be accessed by the TouchDB replicator, which is fairly predictable in the subset of API calls that it makes. I’m interested to see whether this works for you, because this would be useful to other people too. The Syncpoint database-per-user approach is IMHO cleaner and more flexible, but will take a fair bit of doing to implement properly, and JChris hasn’t had time to devote to it lately. —Jens [1]: http://wiki.apache.org/couchdb/Complete_HTTP_API_Reference
