Given that CouchDB exposes its functionality over HTTP through a RESTful
API, IMHO it should allow to define such important http headers for
security directly.
Only being able to rely on additional infrastructure to secure the system
is problematic. Indeed many production deployments will have such
Yes, it all depends on your definition of “long term” in your project in
relation to your estimation of the arrival of 4.0
j:)
> On 3 Jul 2020, at 08:29, Mody, Darshan Arvindkumar (Darshan)
> wrote:
>
> Thanks but the function list are marked deprecated so it would not be long
> term solution
Thanks but the function list are marked deprecated so it would not be long term
solution
Thanks
Darshan
-Original Message-
From: Johs Ensby
Sent: Friday, July 3, 2020 11:58 AM
To: user@couchdb.apache.org
Subject: Re: X-Content-Type-Options and strict-transport-security
Hi Darshan,
I h
Hi Darshan,
I haven’t tried this header, but you should be able to incude it in the "start"
from a design document list function
https://docs.couchdb.org/en/stable/ddocs/ddocs.html#list-functions
by adding another property to the headers object:
start({
'headers': {
Best option: use a reverse proxy like haproxy or nginx to inject these.
You can also terminate SSL at this layer for better SSL support and
performance.
-Joan
On 02/07/2020 05:01, Mody, Darshan Arvindkumar (Darshan) wrote:
Hi
In our project we would like to set the header X-Content-Type-Opti
Hi
In our project we would like to set the header X-Content-Type-Options and
strict-transport-security whenever CouchDB responds to an request
How can we set the headers?
Thanks in advance
Regards
Darshan
Hi Darshan,
Fauxton, the management GUI is just a web app that uses the CouchDB API that
your application uses as well.
The way to secure CouchDB is to secure who has access to the API. Whether or
not the management GUI is present makes no difference.
For example, if you have an CouchDB API en
Hi
We are using CouchDB as the database in our project. One of the concerns from
the Security team is the management GUI which can lead to vulnerabilities
.
Is there a way to disable the management GUI
Thanks
Darshan