The easiest way is indeed to put CouchDB behind a proxy, but for _all_docs you can just remove this http endpoint from config by adding the following in your local.ini
[httpd_db_handlers] _all_docs = Suddenly, for _purge you cannot do the same trick. However, you might want to open issue on JIRA about since this looks like is an unwelcome behaviour. -- ,,,^..^,,, On Tue, Dec 30, 2014 at 6:38 AM, jumbo jim <[email protected]> wrote: > Hi, > > I don't want a particular user to be able to delete any documents - only > create/update. I have a design doc to prevent normal deletion - > > function(newDoc, oldDoc, userCtx, secObj) { > if ( (newDoc._deleted === true) && (userCtx.roles.indexOf('_admin') === > -1) ) { > throw({forbidden: 'no way!'}); > } > else{ > return; > } > } > > However, the user can still purge! Is there a way to stop this? > > Also, is there a way to hide all docs? ie, block this - > http://localhost:5984/DB/_all_docs > > I know I could put a proxy in between and block/rewrite _purge or > _all_docs, but is there an easier way? > > Thanks
