Hi,

On Jan 3, 2010, at 6:31 AM, Paweł Stawicki <pawelstawi...@gmail.com>
It is inevitable that if the DB is accessible on the internet, everyone
can edit/add/delete documents. After all, this is what I want. But I
don't want to allow deletion of the whole database. Or access to other
databases on the same CouchDB server.

Even if I can prevent deletion of whole database, I can't prevent
deletion of single documents, and malicious user could delete them one
by one.

So in a nutshell, I have questions:
1. Is it possible to prevent deletion of a database?
2. Is it possible to prevent deletion of documents? Or, even better...
3. ...is it possible to limit the number of deleted documents for a specific
IP per time unit? E.g. one document deletion per minute?

I am quite green in this area, but I've been thinking a bit about this lately and IMHO you can do several things:

First, you can hook up your application with some reverse proxy, as Sean Hess advised. This way you can expose only the URL to one database (and possibly to the _design/myapp document, so you get nicer URLs). In Nginx, you'd do something like this: http://gist.github.com/268061, and it would be very similar in Apache. This way, you're not exposing the whole couch, but only that specific database, restricting the access.

Then, you can implement basic authentication [http://books.couchdb.org/relax/reference/security], which will basically prevent anyone from creating/deleting design docs and other stuff (see the relax book for the listing). Anyone unauthorized can still create/update/delete "regular" documents, which is what you want.

Then again, you can restrict deleting/updating/etc. of docs to the user who originally created them (which is basically what @jchrisa's sofa does, see http://github.com/jchris/sofa/blob/master/validate_doc_update.js#L12-14), or disallow deleting docs entirely (again see @jchrisa's toast, http://github.com/jchris/toast/blob/master/validate_doc_update.js#L10-14). (In a Wiki, it could make sense to disallow deleting docs unless authorized, etc.)

I am not sure how to limit number of deletions per IP+time, unless you have some authentication info about the user...

Karel
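The two validate_doc_update policies Karel points at (sofa's "only the creator may change a doc" and toast's "nobody may delete") as an added example; this is not code from the thread, from sofa or from toast. CouchDB calls validate_doc_update(newDoc, oldDoc, userCtx, secObj) on every write and rejects the write when the function throws an object with a `forbidden` or `unauthorized` key; the `author` field name and the tryWrite harness that stands in for the server are assumptions made here.

```javascript
// Policy 1 (toast-style, assumed shape): refuse every deletion unless the
// caller has the _admin role. Anyone, even anonymous, may still create/update.
function validateNoDelete(newDoc, oldDoc, userCtx, secObj) {
  var isAdmin = (userCtx.roles || []).indexOf('_admin') !== -1;
  if (newDoc._deleted === true && !isAdmin) {
    throw { forbidden: 'Deleting documents is not allowed.' };
  }
}

// Policy 2 (sofa-style, assumed shape): writes need a logged-in user, a doc
// records its creator in `author` (assumed field), and only that user (or an
// admin) may update or delete it. Note that a CouchDB deletion arrives as
// {_id, _rev, _deleted: true} with no author, so the owner check for deletes
// must look at oldDoc, not newDoc.
function validateOwnerOnly(newDoc, oldDoc, userCtx, secObj) {
  var isAdmin = (userCtx.roles || []).indexOf('_admin') !== -1;
  var isDelete = newDoc._deleted === true;
  if (isAdmin) return;

  if (!userCtx.name) {
    throw { unauthorized: 'You must log in to write to this database.' };
  }
  if (oldDoc && oldDoc.author !== userCtx.name) {
    throw { forbidden: 'Only the original author may modify this document.' };
  }
  if (!isDelete && newDoc.author !== userCtx.name) {
    // Stops creating a doc "as" someone else, and re-assigning ownership.
    throw { forbidden: 'The author field must match your user name.' };
  }
}

// Constructed stand-in for the server: returns 'ok' or the rejection reason.
function tryWrite(validator, newDoc, oldDoc, userCtx) {
  try {
    validator(newDoc, oldDoc, userCtx, { admins: {}, members: {} });
    return 'ok';
  } catch (e) {
    if (e.forbidden) return 'forbidden: ' + e.forbidden;
    if (e.unauthorized) return 'unauthorized: ' + e.unauthorized;
    return 'error';
  }
}

// Constructed sample users and documents.
var alice = { db: 'wiki', name: 'alice', roles: [] };
var bob = { db: 'wiki', name: 'bob', roles: [] };
var anon = { db: 'wiki', name: null, roles: [] };
var admin = { db: 'wiki', name: 'root', roles: ['_admin'] };
var page = { _id: 'page1', _rev: '1-abc', author: 'alice', body: 'hello' };
var pageEdit = { _id: 'page1', _rev: '1-abc', author: 'alice', body: 'edited' };
var pageDelete = { _id: 'page1', _rev: '1-abc', _deleted: true };

// Walks both policies over the same requests; returns a label -> outcome map.
function runScenarios() {
  return {
    noDeleteAnonCreate: tryWrite(validateNoDelete, page, null, anon),
    noDeleteAnonDelete: tryWrite(validateNoDelete, pageDelete, page, anon),
    noDeleteAdminDelete: tryWrite(validateNoDelete, pageDelete, page, admin),
    ownerAnonCreate: tryWrite(validateOwnerOnly, page, null, anon),
    ownerAliceCreate: tryWrite(validateOwnerOnly, page, null, alice),
    ownerBobEdit: tryWrite(validateOwnerOnly, pageEdit, page, bob),
    ownerBobDelete: tryWrite(validateOwnerOnly, pageDelete, page, bob),
    ownerAliceDelete: tryWrite(validateOwnerOnly, pageDelete, page, alice),
    ownerAdminDelete: tryWrite(validateOwnerOnly, pageDelete, page, admin)
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runScenarios());
}
```

Either function is stored as a string under `validate_doc_update` in the design document of the database you expose; the no-delete variant answers Paweł's question 2 directly, while the owner-only variant needs the basic authentication Karel describes so that userCtx.name carries something to compare against.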
