On Wed, Dec 31, 2014 at 9:16 AM, jumbo jim <[email protected]> wrote:
>> The easiest way is indeed to put CouchDB behind a proxy, but for
>> _all_docs you can just remove this http endpoint from config by adding
>> the following in your local.ini
>>
>
> Thanks Alexander.
>
> Is it possible to remove _replicate in the same manner? It occurred to me
> that the user could simply replicate all documents out to his own database
> also. Don't need to be an admin for replication.
>
> If not, I suppose the proxy route I will have to go.

You can remove _replicate, but it won't prevent users from replicating their documents, since replication happens not by magic, but by using the public CouchDB HTTP API. You'll actually be forced to disable access to the documents in the database altogether, for everyone. I would recommend you revisit your authorization policy and, since you seem not happy with exposing CouchDB as is to the world, your application architecture, because you are eventually going to have some functional middleware in front of CouchDB.

--
,,,^..^,,,
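
The point made in the reply above, as an added example that is not part of the original thread: a small audit of proxy deny rules against the reads a client-side replicator makes. The database name `db`, the document id `doc1`, the sample requests and the rule format are all constructed for illustration.

```python
import re

# Constructed sample: requests a client-side replicator sends to the source
# database "db". Each is an ordinary reader-level CouchDB HTTP API call.
REPLICATOR_READS = [
    ("GET", "/db"),                       # database info
    ("GET", "/db/_changes?feed=normal"),  # which documents changed
    ("GET", "/db/doc1?revs=true"),        # fetch one document
]
# Constructed sample: the read the application itself depends on.
APP_READS = [("GET", "/db/doc1")]


def blocked(denylist, method, url):
    """True if any (method, path-regex) rule matches; the query string is ignored."""
    path = url.split("?", 1)[0]
    return any(m in (method, "*") and re.fullmatch(p, path) is not None
               for m, p in denylist)


def still_allowed(denylist, requests):
    """Requests that pass through a proxy enforcing this denylist."""
    return [(m, u) for m, u in requests if not blocked(denylist, m, u)]


# Equivalent to removing the two handlers discussed in the thread.
HANDLERS_REMOVED = [("*", r"/_replicate"), ("*", r"/[^/]+/_all_docs")]
# Going further: also deny the changes feed.
PLUS_CHANGES = HANDLERS_REMOVED + [("*", r"/[^/]+/_changes")]
# Denying document reads stops the copy, and the application with it.
NO_DOC_READS = PLUS_CHANGES + [("GET", r"/[^/]+/[^/_][^/]*")]

if __name__ == "__main__":
    for name, rules in [("handlers removed", HANDLERS_REMOVED),
                        ("plus _changes", PLUS_CHANGES),
                        ("no document reads", NO_DOC_READS)]:
        print(name)
        print("  replicator reads allowed:", still_allowed(rules, REPLICATOR_READS))
        print("  application reads allowed:", still_allowed(rules, APP_READS))
```

Only the last rule set stops documents from leaving, and it does so by denying the same `GET` the application needs, which is why the decision has to be made per user and per document rather than per endpoint.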
