Don't grant users access to databases you don't want them to read. :) http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
B. On 6 March 2013 12:33, Mark Hahn <m...@hahnca.com> wrote: > Anyone logged in can read any document in the DB. I have to check each > user and what they are trying to do to block illegal actions. > > > On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnew...@apache.org> wrote: > >> "How does everyone solve the security issue?" >> >> What security problem? Only administrators can modify design documents. >> >> B. >> >> On 6 March 2013 11:38, Aurélien Bénel <aurelien.be...@utt.fr> wrote: >> > Hi, >> > >> >> just out of curiosity, would like to hear how CouchDB is being used in >> your web environment.... >> > >> > We have two main setups: >> > - CouchApps, >> > - REST APIs used by heavy clients (Java or Firefox extensions) and >> attached Web applications. >> > >> >> How does everyone solve the security issue? >> > >> > We always use CouchDB behind a reverse proxy to add LDAP authentication >> and authorization when needed. >> > >> > >> > Regards, >> > >> > Aurélien >>
