We should publish it, maybe not in the CouchDB in the wild, but certainly in
the weekly blog post, as a cautionary tale.

It's not only a measure of honesty but, as Andy says, a service to present
and potential CouchDB users.

If the story serves to have one CouchDB admin check whether their install is
insecure and fix any problems, it will have helped.

My 2 cents,

JC

On 24/06/16 16:44, Andy Wenk wrote:
> That brings me to the point, that we do not have a CouchDB in the wild 
> section here:
> 
> https://cwiki.apache.org/confluence/display/COUCHDB/Planet+CouchDB
> 
> @Alex - can you remember, where we wanted to put articles like that to?
> 
> Answering the question if we should add the article at all: yes we should. 
> Even though it is really unfortunate what happened,
> it is a fact, that this is possible. But to take the good things out of this, 
> we will help users avoid such disasters with 2.0
> by setting admin party off by default. That’s the story we should tell ...
> 
> All the best
> 
> Andy
> 
> --
> Andy Wenk
> RockIt!
> 
> Hamburg / Germany
> 
> GPG public key: 
> https://pgp.mit.edu/pks/lookup?op=get&search=0x4F1D0C59BC90917D
> 
>> On 23 Jun 2016, at 15:55, Reddy B. <redd...@live.fr> wrote:
>>
>> Yea that's the only positive... Now the nasty thing would be to add them to 
>> the CouchDb in the Wild Page. Even though it's literally in the wild here
>>
>>> From: kxe...@gmail.com
>>> Date: Thu, 23 Jun 2016 16:49:42 +0300
>>> Subject: Re: 154 million voter records
>>> To: dev@couchdb.apache.org
>>>
>>> Finally we are sure that CouchDB is used for really big data in the wild (:
>>> --
>>> ,,,^..^,,,
>>>
>>>
>>> On Thu, Jun 23, 2016 at 4:34 PM, Jan Lehnardt <j...@apache.org> wrote:
>>>> Link here: 
>>>> http://news.softpedia.com/news/hackers-breach-us-company-and-unwittingly-expose-154-million-voter-records-505553.shtml
>>>>
>>>> All the more reason to get 2.0 out which has admin-party off by default, 
>>>> and to switch to private-by-default databases soon after.
>>>>
>>>> Best
>>>> Jan
>>>> --
>>>>
>>>>> On 23 Jun 2016, at 15:31, Paul Hammant <p...@hammant.org> wrote:
>>>>>
>>>>> It's in the news today. Multiple news sites incl. slashdot.
>>>>>
>>>>> Someone deployed couchdb on its default port - 5984 or w/o a strong ssl & 
>>>>> auth design.  Maybe.
>>>>>
>>>>> Sent from my iPhone
>>>>
>>>> --
>>>> Professional Support for Apache CouchDB:
>>>> https://neighbourhood.ie/couchdb-support/
>>>>
>>
> 

Reply via email to