Let's suppose that you deployed your HTML to http://127.0.0.1:5984/testdb/_design/frontend/Index.htm, served directly by your CouchDB. How do you set it up so that anonymous users are only able to access _design/front-end, but nothing else, like the Futon management pages (_utils)? It looks like you may be able to set up an account, but anonymous users are still able to read the Futon management page (_utils) for all databases and documents...

Thanks,

> Date: Wed, 6 Mar 2013 12:42:28 -0600
> Subject: Re: Curiosity how you use CouchDB in your web env.
> From: rnew...@apache.org
> To: user@couchdb.apache.org
>
> Don't grant users access to databases you don't want them to read. :)
>
> http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
>
> B.
>
> On 6 March 2013 12:33, Mark Hahn <m...@hahnca.com> wrote:
> > Anyone logged in can read any document in the DB. I have to check each
> > user and what they are trying to do to block illegal actions.
> >
> >
> > On Wed, Mar 6, 2013 at 9:51 AM, Robert Newson <rnew...@apache.org> wrote:
> >
> >> "How does everyone solve the security issue?"
> >>
> >> What security problem? Only administrators can modify design documents.
> >>
> >> B.
> >>
> >> On 6 March 2013 11:38, Aurélien Bénel <aurelien.be...@utt.fr> wrote:
> >> > Hi,
> >> >
> >> >> just out of curiosity, would like to hear how CouchDB is being used in your web environment....
> >> >
> >> > We have two main setups:
> >> > - CouchApps,
> >> > - REST APIs used by heavy clients (Java or Firefox extensions) and attached Web applications.
> >> >
> >> >> How does everyone solve the security issue?
> >> >
> >> > We always use CouchDB behind a reverse proxy to add LDAP authentication and authorization when needed.
> >> >
> >> >
> >> > Regards,
> >> >
> >> > Aurélien
> >>
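
Added example, not part of the thread and not CouchDB's own code: a path allow-list that a reverse proxy in front of CouchDB (the kind of setup described in the quoted reply) could apply to unauthenticated requests, so that only attachments of the design document from the question are served and `_utils` and every other path are refused. The database and design-document names come from the question's URL; the function names and the choice to refuse handler segments such as `_view` are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Taken from the question's URL: database "testdb", design document "frontend".
PUBLIC_PREFIX = "/testdb/_design/frontend/"
READ_ONLY_METHODS = {"GET", "HEAD"}


def normalize_path(raw_target):
    """Decode the request path and resolve dot segments.

    Returns None when the path is ambiguous (encoded slash, double
    encoding, backslash, NUL), because the proxy and CouchDB could
    then disagree about which resource is meant.
    """
    path = raw_target.partition("?")[0]
    if "%2f" in path.lower():
        return None
    decoded = unquote(path)
    if "%" in decoded or "\\" in decoded or "\x00" in decoded:
        return None
    if not decoded.startswith("/"):
        return None
    normalized = posixpath.normpath(decoded)
    # normpath drops a trailing slash; restore it so prefix matching stays exact.
    if decoded.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def anonymous_may_access(method, raw_target):
    """Allow-list decision for a request that carries no credentials."""
    if method.upper() not in READ_ONLY_METHODS:
        return False
    path = normalize_path(raw_target)
    if path is None or not path.startswith(PUBLIC_PREFIX):
        return False
    rest = path[len(PUBLIC_PREFIX):]
    if rest == "":
        return False
    # Assumption: only attachments are public, so segments starting with "_"
    # (design-document handlers such as _view, _show, _list) are refused.
    return not any(segment.startswith("_") for segment in rest.split("/"))
```

Everything not matched is denied, so `_utils`, `_all_dbs`, other databases and the design document's own JSON stay reachable only for requests the proxy has authenticated.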