That's a false equivalence. You should not open CouchDB to the world
before you set an administration password in the first place. :)

B.

On 15 April 2013 15:55, Tim Tisdall <tisd...@gmail.com> wrote:
> Still don't see how ssh'ing in as root is anywhere as bad as having your
> CouchDB open to the world with no password...
>
> If you had two machines, one with no password and public access to CouchDB
> and another one with someone logged in via SSH as root and someone asked
> you to delete the DB on one of those machines, which one would you go after?
>
>
> On Mon, Apr 15, 2013 at 10:23 AM, Keith Gable 
> <zi...@ignition-project.com>wrote:
>
>> wow indeed.
>>
>> ---
>> Keith Gable
>> A+, Network+, and Storage+ Certified Professional
>> Apple Certified Technical Coordinator
>> Mobile Application Developer / Web Developer
>>
>>
>> On Mon, Apr 15, 2013 at 9:18 AM, Robert Newson <rnew...@apache.org> wrote:
>>
>> > wow.
>> >
>> > On 15 April 2013 15:15, Tim Tisdall <tisd...@gmail.com> wrote:
>> > > What's wrong with ssh'ing as root?
>> > >
>> > >
>> > > On Mon, Apr 15, 2013 at 10:08 AM, Keith Gable <
>> > zi...@ignition-project.com>wrote:
>> > >
>> > >> But you're SSHing as root, which is probably worse than opening
>> CouchDB
>> > to
>> > >> the world with no password.
>> > >>
>> > >> ---
>> > >> Keith Gable
>> > >> A+, Network+, and Storage+ Certified Professional
>> > >> Apple Certified Technical Coordinator
>> > >> Mobile Application Developer / Web Developer
>> > >>
>> > >>
>> > >> On Mon, Apr 15, 2013 at 8:45 AM, Tim Tisdall <tisd...@gmail.com>
>> wrote:
>> > >>
>> > >> > Instead of opening CouchDB to the world, I simply access it by
>> > >> > port-forwarding through ssh when I connect to the machine.  Like
>> this:
>> > >> >
>> > >> > ssh -L 5984:127.0.0.1:5984 r...@mymachine.com
>> > >> >
>> > >> > Then on my local machine I can simply access
>> > >> > http://localhost:5984/_utils/ and up comes futon.  It depends on your
>> > >> > use-case, but this works well for me.
>> > >> >
>> > >> >
>> > >> >
>> > >> > On Mon, Apr 15, 2013 at 7:14 AM, Stefan Reich <
>> > >> > stefan.reich.maker.of....@googlemail.com> wrote:
>> > >> >
>> > >> > > Hmm... maybe you guys can help me solve the rest of the problem?
>> > >> (Access
>> > >> > to
>> > >> > > couchdb from outside)
>> > >> > >
>> > >> > > These are the last iptables rules in chain INPUT:
>> > >> > >
>> > >> > > MY_REJECT  all  --  anywhere             anywhere
>> > >> > > ACCEPT     tcp  --  anywhere             anywhere            tcp
>> > >> dpt:5984
>> > >> > >
>> > >> > > Is that not what it should be...? Says "anywhere"... everywhere.
>> > Heh.
>> > >> > >
>> > >> > > Cheers,
>> > >> > > Stefan
>> > >> > >
>> > >> > >
>> > >> > > On Mon, Apr 15, 2013 at 1:08 PM, Stefan Reich <
>> > >> > > stefan.reich.maker.of....@googlemail.com> wrote:
>> > >> > >
>> > >> > > > OK, thanks for all the answers, folks. It was indeed iptables
>> that
>> > >> > > blocked
>> > >> > > > the port. This stuff should be designed (much) better in
>> operating
>> > >> > > systems.
>> > >> > > >
>> > >> > > > Actually it's a project of mine to make that better (LuaOS and
>> its
>> > >> > > > follow-ups).
>> > >> > > >
>> > >> > > > I got iptables to allow access locally now. Weirdly, it still
>> > doesn't
>> > >> > > work
>> > >> > > > over the Internet. And no, the server is not behind a
>> firewall...
>> > :)
>> > >> > > >
>> > >> > > > Thanks,
>> > >> > > > Stefan
>> > >> > > >
>> > >> > > >
>> > >> > > > On Thu, Apr 11, 2013 at 3:30 AM, Andrey Kuprianov <
>> > >> > > > andrey.koupria...@gmail.com> wrote:
>> > >> > > >
>> > >> > > >> See if your local.ini bind_address is set to 0.0.0.0 so that
>> you
>> > can
>> > >> > > >> access
>> > >> > > >> it locally and remotely.
>> > >> > > >>
>> > >> > > >>
>> > >> > > >> On Thu, Apr 11, 2013 at 2:54 AM, Stanley Iriele <
>> > >> siriele...@gmail.com
>> > >> > > >> >wrote:
>> > >> > > >>
>> > >> > > >> > A simple cat of etc/hosts... Should let you know!... And
>> maybe
>> > >> > > nsswitch
>> > >> > > >> > just to be sure
>> > >> > > >> > On Apr 10, 2013 11:22 AM, "Robert Newson" <
>> rnew...@apache.org>
>> > >> > wrote:
>> > >> > > >> >
>> > >> > > >> > > Are you sure localhost == 127.0.0.1 on your machine?
>> > >> debian/ubuntu
>> > >> > > are
>> > >> > > >> > > notorious for changing that convention.
>> > >> > > >> > >
>> > >> > > >> > > On 10 April 2013 14:20, Stanley Iriele <
>> siriele...@gmail.com
>> > >
>> > >> > > wrote:
>> > >> > > >> > > > Why are you telnetting to it?... try curling it and see what it responds with
>> > >> > > >> > > > On Apr 10, 2013 10:47 AM, "Stefan Reich" <
>> > >> > > >> > > > stefan.reich.maker.of....@googlemail.com> wrote:
>> > >> > > >> > > >
>> > >> > > >> > > >> Oops, bad copy&paste - here's the actual process info:
>> > >> > > >> > > >>
>> > >> > > >> > > >> root@pussy-riot-germany:~/luastuff# ps -aef|grep 7651
>> > >> > > >> > > >> couchdb   7651  7650  0 19:44 pts/0    00:00:00
>> > >> > > >> > > >> /usr/lib/erlang/erts-5.8/bin/beam.smp -Bd -K true --
>> -root
>> > >> > > >> > > /usr/lib/erlang
>> > >> > > >> > > >> -progname erl -- -home /var/lib/couchdb -- -noshell
>> > -noinput
>> > >> > > -sasl
>> > >> > > >> > > >> errlog_type error -couch_ini /etc/couchdb/default.ini
>> > >> > > >> > > >> /etc/couchdb/local.ini /etc/couchdb/default.ini
>> > >> > > >> /etc/couchdb/local.ini
>> > >> > > >> > > -s
>> > >> > > >> > > >> couch -pidfile /var/run/couchdb/couchdb.pid -heart
>> > >> > > >> > > >> couchdb   7682  7651  0 19:44 ?        00:00:00 heart
>> -pid
>> > >> 7651
>> > >> > > >> -ht 11
>> > >> > > >> > > >>
>> > >> > > >> > > >> Cheers,
>> > >> > > >> > > >> Stefan
>> > >> > > >> > > >>
>> > >> > > >> > > >>
>> > >> > > >> > > >> On Wed, Apr 10, 2013 at 7:46 PM, Stefan Reich <
>> > >> > > >> > > >> stefan.reich.maker.of....@googlemail.com> wrote:
>> > >> > > >> > > >>
>> > >> > > >> > > >> > Hi there!
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > I'd like to start using CouchDB for my projects.
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > This is on a Linux host. CouchDB installed from
>> standard
>> > >> > Debian
>> > >> > > >> > > package,
>> > >> > > >> > > >> > no settings altered. But it doesn't start properly:
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# uname -a
>> > >> > > >> > > >> > Linux pussy-riot-germany 2.6.32-042stab068.8 #1 SMP
>> Fri
>> > >> Dec 7
>> > >> > > >> > 17:06:14
>> > >> > > >> > > >> MSK
>> > >> > > >> > > >> > 2012 i686 GNU/Linux
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff#
>> /etc/init.d/couchdb
>> > >> > start
>> > >> > > >> > > >> > Starting database server: couchdb.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff#
>> /etc/init.d/couchdb
>> > >> > status
>> > >> > > >> > > >> > Apache CouchDB is running as process 7651, time to
>> > relax.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# telnet localhost
>> > 5984
>> > >> > > >> > > >> > Trying ::1...
>> > >> > > >> > > >> > Trying 127.0.0.1...
>> > >> > > >> > > >> > telnet: Unable to connect to remote host: Connection
>> > >> refused
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Connection refused?
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Here's the process info:
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# uname -a
>> > >> > > >> > > >> > Linux pussy-riot-germany 2.6.32-042stab068.8 #1 SMP
>> Fri
>> > >> Dec 7
>> > >> > > >> > 17:06:14
>> > >> > > >> > > >> MSK
>> > >> > > >> > > >> > 2012 i686 GNU/Linux
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff#
>> /etc/init.d/couchdb
>> > >> > start
>> > >> > > >> > > >> > Starting database server: couchdb.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff#
>> /etc/init.d/couchdb
>> > >> > status
>> > >> > > >> > > >> > Apache CouchDB is running as process 7651, time to
>> > relax.
>> > >> > > >> > > >> > root@pussy-riot-germany:~/luastuff# telnet localhost
>> > 5984
>> > >> > > >> > > >> > Trying ::1...
>> > >> > > >> > > >> > Trying 127.0.0.1...
>> > >> > > >> > > >> > telnet: Unable to connect to remote host: Connection
>> > >> refused
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Please help, dear experts... :)
>> > >> > > >> > > >> >
>> > >> > > >> > > >> > Cheers,
>> > >> > > >> > > >> > Stefan
>> > >> > > >> > > >> >
>> > >> > > >> > > >> >
>> > >> > > >> > > >>
>> > >> > > >> > >
>> > >> > > >> >
>> > >> > > >>
>> > >> > > >
>> > >> > > >
>> > >> > >
>> > >> >
>> > >>
>> >
>>
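
Added example, not part of the original thread: a check for the condition the top reply warns about, a CouchDB whose bind_address is no longer loopback while no admin is defined. It assumes the CouchDB 1.x ini layout ([httpd] bind_address, [admins]) and layers default.ini then local.ini in the order shown on the process command line; the ini contents below are constructed samples.

```python
import configparser
import ipaddress

# Constructed sample configs (not taken from the server in the thread).
DEFAULT_INI = """
[httpd]
port = 5984
bind_address = 127.0.0.1

[admins]
;admin = mysecretpassword
"""

LOCAL_INI_OPEN = """
[httpd]
bind_address = 0.0.0.0
"""

LOCAL_INI_WITH_ADMIN = LOCAL_INI_OPEN + """
[admins]
admin = -hashed-constructed-placeholder
"""

def load_layers(*ini_texts):
    """Merge ini layers in order; later layers override earlier ones."""
    cfg = configparser.ConfigParser(interpolation=None)  # hashes may contain '%'
    for text in ini_texts:
        cfg.read_string(text)
    return cfg

def audit(cfg):
    """Return 'loopback-only', 'exposed-with-admin' or 'exposed-no-admin'."""
    bind = cfg.get("httpd", "bind_address", fallback="127.0.0.1").strip()
    try:
        loopback = ipaddress.ip_address(bind).is_loopback
    except ValueError:
        loopback = bind == "localhost"  # a hostname rather than an IP literal
    if loopback:
        return "loopback-only"
    # A commented-out ';admin = ...' line leaves the section empty.
    has_admin = cfg.has_section("admins") and len(cfg.options("admins")) > 0
    return "exposed-with-admin" if has_admin else "exposed-no-admin"

if __name__ == "__main__":
    for name, local in [("default only", ""), ("open", LOCAL_INI_OPEN),
                        ("open + admin", LOCAL_INI_WITH_ADMIN)]:
        print(name, "->", audit(load_layers(DEFAULT_INI, local)))
```

A result of "exposed-no-admin" is the state to fix before any firewall rule admits port 5984 from outside.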
