On 08/10/2008, at 11:16 AM, Ayende Rahien wrote:
> Really bad idea. Security through obscurity is no security. I can listen on
> the network and see what kind of requests are made, for example.

All security is via some sort of obscurity, be it obfuscated URLs,
passwords, a challenge response or the location of bumps on a key. The
only thing that differs is how hard it is to get that information.
Obviously having a properly secure session provide authentication is
the ideal, but I can think of many cases where a nearly unguessable
URL is plenty.
Funny this came up, I've had an email in my drafts folder for a couple
of weeks asking for some basic "security via obscurity" features for
similar purposes. I thought I'd wait until I'd decided exactly what I
wanted, but since it's come up ...
[from another reply]
On 08/10/2008, at 10:54 AM, Matthew King wrote:
> Block requests to the all docs query, and you have the beginnings of a
> capability system.

Not just that. You'll need a few more as well:
- ability to turn off all "write" access for a non-local IP
(especially post new views!)
- block meta functionality like all_docs, all_dbs, _utils, and
replication for non-local IPs
- set a limit on how many 404s could be served to a specific IP before
a timeout period began
and I'm sure there are more.
I'm aware that by proxying through another server like Apache or
Nginx, applying various rules or what not to stop those administrative
views being accessed. But the thing is, CouchDB already has a very
capable web server built in. All other things being equal, I'd like to
just have it serve the documents (well, attachments, I'm mainly
talking about) natively....
Sho
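
The three restrictions listed in the message above, sketched as a request filter. This is an added example, not part of the original email and not CouchDB code; the class name, the thresholds, the endpoint spellings and the reading of "local" as loopback-only are assumptions.

```python
import ipaddress
import time
from collections import defaultdict
from urllib.parse import unquote

# Assumed policy values; none come from the thread or from CouchDB itself.
READ_METHODS = {"GET", "HEAD"}
META_NAMES = {"_all_docs", "_all_dbs", "_utils", "_replicate"}
MAX_404, WINDOW, TIMEOUT = 5, 60.0, 300.0   # count, seconds, seconds


def is_local(ip):
    # "Local" is taken to mean loopback only (assumption).
    return ipaddress.ip_address(ip).is_loopback


class RequestGate:
    """Hypothetical front-end filter; not part of CouchDB."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.misses = defaultdict(list)   # ip -> times of recent 404s
        self.blocked_until = {}           # ip -> end of timeout

    def check(self, ip, method, path):
        """Decide (allowed, reason) before the request is served."""
        if is_local(ip):
            return True, "local"
        if self.blocked_until.get(ip, 0.0) > self.clock():
            return False, "timeout"
        if method.upper() not in READ_METHODS:
            return False, "write"
        # Decode first so %5Fall_docs is matched like _all_docs.
        segments = unquote(path.split("?", 1)[0]).lower().split("/")
        if META_NAMES.intersection(segments):
            return False, "meta"
        return True, "ok"

    def record_status(self, ip, status):
        """Count 404s per remote IP; MAX_404 within WINDOW starts a timeout."""
        if status != 404 or is_local(ip):
            return
        now = self.clock()
        recent = [t for t in self.misses[ip] if now - t < WINDOW] + [now]
        self.misses[ip] = recent
        if len(recent) >= MAX_404:
            self.blocked_until[ip] = now + TIMEOUT
            del self.misses[ip]
```

Call `check` before serving a request and `record_status` after it; the 404 limit is what keeps a nearly unguessable URL from being searched for by brute force.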