
by default CouchDB gives everyone in the world admin access to your instance

tl;dr I don't believe this is a couch issue in the slightest

That seems like a slightly generous interpretation...





Listening on the local device and having no UAC seems pretty standard to me.

If you want to expose anything, you have to do it very explicitly and as linked there are warnings and advice about doing so.


Process security is very common even when the process listens only on a socket.


I'm wondering what you mean here when you say "on the local device". Are you implying that it is guaranteed that the local device is not exposed? I don't see why you would have to explicitly expose something. The entire instance is exposed by default.


It listens on 127.0.0.1, not on an external interface; it is not exposed by default.


But that has nothing to do with the instance access control or the database access. Changing the listening interface isn't going to magically fix the default security setup.



