Jinmin

Reputation: 315

How to prevent anonymous users reading couchdb?

I want to remotely manage CouchDB with curl using the administrator account, but I found that anonymous users can also read some information, like _all_dbs, which is not what I want. It seems that CouchDB allows anonymous users to use the GET and HEAD methods, so how can I prevent it? What I want is for only administrators to be allowed.

I have made the following settings in local.ini:

require_valid_user = true
WWW-Authenticate = Basic realm="administrator"

Thanks & regards

Upvotes: 3

Views: 934

Answers (1)

amdelamar

Reputation: 356

Assuming you disabled Admin Party mode, try setting both valid-user fields like so:

[couch_httpd_auth]
require_valid_user = true

[chttpd]
require_valid_user = true

As per the docs, one is for the clustered port and the other is for the node-local port.

EDIT: I forgot about the membership.

You need to set each database's security object and put some members in the members and admins fields. You can do this via the Fauxton GUI by clicking on the "lock" icon next to each database, or by doing PUT /db/_security with the appropriate JSON. From the docs (emphasis mine):

If there are any member names or roles defined for a database, then only authenticated users having a matching name or role are allowed to read documents from the database.

Upvotes: 3
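
A sketch of the per-database step from the answer above, as an added example that is not part of the original answer: it finds databases whose security object has no members and PUTs a restricted one. The role name "ops", the base URL and all helper names are assumptions for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request


def anonymous_readable(security):
    """True when the members section names no users and no roles."""
    members = (security or {}).get("members") or {}
    return not (members.get("names") or members.get("roles"))


def lock_down(security, role):
    """Return a copy of a _security object with `role` in members and admins."""
    locked = json.loads(json.dumps(security or {}))  # deep copy, input untouched
    for section in ("admins", "members"):
        entry = locked.setdefault(section, {})
        entry.setdefault("names", [])
        roles = entry.setdefault("roles", [])
        if role not in roles:
            roles.append(role)
    return locked


def call(base, path, user, password, method="GET", body=None):
    """One JSON request to CouchDB, authenticated with HTTP Basic auth."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def lock_all(base, user, password, role):
    """PUT a restricted _security object on every database that is still open."""
    changed = []
    for db in call(base, "/_all_dbs", user, password):
        path = "/" + urllib.parse.quote(db, safe="") + "/_security"
        current = call(base, path, user, password)
        if anonymous_readable(current):
            call(base, path, user, password, "PUT", lock_down(current, role))
            changed.append(db)
    return changed


if __name__ == "__main__":
    # Constructed sample: an empty security object, i.e. no members defined.
    print(json.dumps(lock_down({}, "ops"), indent=2))
```

Calling `lock_all("http://127.0.0.1:5984", "admin", "<password>", "ops")` applies the change to a live server; existing member names and roles are preserved.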
