Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Couchdb - Block futon for readers users

I want to know how block the acess to futon (_utils) in couchdb for readers, allowing the access only for admins. I need to do this why if a reader user acess the futon he can see the name of all my databases and how many documents there are. My application should let a reader acess an document only if he have the id of them.

like image 493
Manobi Avatar asked Oct 23 '10 17:10

Manobi


3 Answers

Quoting CouchDB's homepage:

You can even serve web apps directly out of CouchDB.

You can disable the futon interface by opening default.ini from Program Files (x86)\Apache Software Foundation\CouchDB\etc\couchdb and commenting out the following line by putting a semi-colon in front of it:

;_utils = {couch_httpd_misc_handlers, handle_utils_dir_req, "../share/couchdb/www"}

You can find this line under the [httpd_global_handlers] header. This will completely disable the _utils handler and effectively disable Futon. You can re-enable it by uncommenting this line.

If you are serving an app directly out of Couch there are other handlers you may want to disable as well like the _all_dbs handler. This and other handlers can be found under the [httpd_global_handlers] section or the [httpd_db_handlers] section.

like image 89
skinneejoe Avatar answered Oct 21 '22 17:10

skinneejoe


Even if you block futon, people will be able to find the list of databases using the couchdb API. I think the right solution is to put a webserver in front of couchdb and expose only what you need.

like image 21
Anand Chitipothu Avatar answered Oct 21 '22 17:10

Anand Chitipothu


You can go with any webserver but if you want a javascript focused approach then use node.js. http://nodejs.org/

like image 33
MrCrapper Avatar answered Oct 21 '22 17:10

MrCrapper