Reputation: 329
I want to try out CouchDB on Iris, but it seems really strange to me, as I didn't meet any security on my way to create a database and a document and delete as well, through the /_utils/ page. There is no password-protected login, no authentication, nothing. Anyone can create a database on your domain, if they know it.
Is there a way to make this functionality available only to an admin - me?
I admit I have not looked too much into the issue.
Thanks in advance!
Upvotes: 1
Views: 345
Reputation: 329
And after a few days of searching I have found the answer:
In CouchDB there is a server admin that can do anything, or as stated here - "god mode".
IrisCouch and CouchDB in general by default provide any user the server admin rights, calling it "admins party". In IrisCouch, there is a server admins section on the bottom right of the utils page. (I wanted to post an image of it, but because of lack of reputation, I couldn't).
It will not change the user interface and for instance, the create database option will still be there, but the validation will stop you from creating a database.
But there is no straightforward way to protect the database from anonymous writes. The securing of the database itself is explained in the link. To clarify just one thing a first time user would encounter - a design document is created by giving at creation the field id a value starting with _design/. For instance in the current case: _design/blockAnonymousWrites
I know this is quite a novice issue, but NoSQL and CouchDB are terra incognita for me, for now, and I hope this will help someone like me.
Upvotes: 2
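Added example, not part of the original answer: a sketch of the design document the answer names, using CouchDB's `validate_doc_update` hook to reject writes from anonymous users. The variable `blockAnonymousWrites`, the helper `simulateWrite` and the sample users are assumptions made for illustration; the helper only imitates locally how CouchDB maps the thrown object to an HTTP status.

```javascript
// CouchDB runs validate_doc_update(newDoc, oldDoc, userCtx, secObj) on every
// write to the database that holds the design document. Throwing
// {unauthorized: ...} yields HTTP 401, {forbidden: ...} yields HTTP 403.
// The body sticks to ES5 so older CouchDB JavaScript engines accept it.
const blockAnonymousWrites = function (newDoc, oldDoc, userCtx, secObj) {
  // Requests without credentials arrive with userCtx.name === null.
  if (!userCtx || userCtx.name === null || userCtx.name === undefined) {
    throw { unauthorized: "Log in before writing to this database." };
  }
};

// The design document as it would be saved in the database. Functions are
// stored as source strings; the _id must start with "_design/".
const designDoc = {
  _id: "_design/blockAnonymousWrites",
  validate_doc_update: blockAnonymousWrites.toString()
};

// Local stand-in for the server (hypothetical helper): applies the validation
// function and reports the status CouchDB would answer with.
function simulateWrite(userCtx, newDoc) {
  try {
    blockAnonymousWrites(newDoc, null, userCtx, {});
    return { status: 201 };
  } catch (e) {
    if (e.unauthorized) return { status: 401, reason: e.unauthorized };
    if (e.forbidden) return { status: 403, reason: e.forbidden };
    throw e;
  }
}

// Constructed sample requests.
const anonymous = { name: null, roles: [] };
const loggedIn = { name: "alice", roles: [] };
console.log(simulateWrite(anonymous, { _id: "note-1" }));
console.log(simulateWrite(loggedIn, { _id: "note-1" }));
console.log(JSON.stringify(designDoc, null, 2));
```

The validation function only holds once a server admin exists: while every request still has server admin rights, any client can change or delete the design document itself.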