Hi Jim, I don't know of a way to do this using simply couchdb. Probably the best (standard?) way to ensure that only the pieces of the API are available which you want is to use a reverse proxy, e.g. nginx. Indeed, it is much easier and safer to explicitly turn on the things you want, then to try to turn off everything you don't need.
Cheers, Mike On Tue, Jul 28, 2015 at 2:39 AM, jumbo jim <jumboji...@gmail.com> wrote: > Hi, > > It is possible to disable the "_all_docs" feature by editing the local.ini > and entering the following - > > [httpd_db_handlers] > _all_docs = > > However, I then realised that a user could basically get a full listing of > all documents by requesting _changes. So, I now use - > > [httpd_db_handlers] > _all_docs = > _changes = > > > Do I need to close anything else off if I want to prevent a particular user > from seeing a list of all documents? > > > > Also - is it possible to do disable _all_docs/ and _changes for only > specific databases? I would still like the admin to use _all_docs/ and > _changes > > Thanks >
