Heya Paul,
all good questions, I think you’d have to ask the Bitnami folks about this
specifically, or hire someone (*cough*) to make an external assessment.
Best
Jan
--
> On 23. May 2017, at 14:21, Paul Hammant wrote:
>
> https://bitnami.com/stack/couchdb
>
> One click* will get you a couch instance in Google or Amazon's infra. At
> least in Google's case they handle SSL off in the tier above ... but what
> else has been hardened about these ?
> Does anyone know?
> Is there a couch_vulns.sh script one can run against a couch install to
> look for issues?
>
> Although WannaCry was in the news last week, Couch was too in Jan -
> http://www.pcworld.com/article/3159527/security/attackers-start-wiping-data-from-couchdb-and-hadoop-databases.html
> ,
> https://lists.apache.org/thread.html/5bfd5b30613ac918276bab64a01f00cb451a19624a212b288ffe43b5@%3Cdev.couchdb.apache.org%3E
> and a consequential blog entry from this group that I can't find right now.
>
> - Paul
>
> * not really one click, but close.
--
Professional Support for Apache CouchDB:
https://neighbourhood.ie/couchdb-support/