Re: Proposing couchdb-glib and evolution-couchdb for GNOME 2.30

From: Rodrigo Moya <rodrigo gnome-db org>
To: Florian Ludwig <dino phidev org>
Cc: GNOME Desktop Devel List <desktop-devel-list gnome org>
Subject: Re: Proposing couchdb-glib and evolution-couchdb for GNOME 2.30
Date: Sun, 04 Oct 2009 10:45:55 +0200

On Sat, 2009-10-03 at 17:02 +0200, Florian Ludwig wrote:
> Hi
> 
> i dig a little into couchdb/desktop-couch and am wondering about
> security. Did I understand it right that desktop-couch starts couchdb on
> a random port without any password requirements, bound to 127.0.0.1?
> While not being attackable from the outside, still every program
> regardless which users runs it can read my contact list? Or did I got
> something wrong?
> 
yes, you missed the OAuth authentication that is enabled by default in
desktopcouch. All couchdb HTTP requests need to be signed with the OAuth
signature. For remote servers, you can set it up also with OAuth, or
with simple username/password credentials

References:
- Proposing couchdb-glib and evolution-couchdb for GNOME 2.30
  - From: Rodrigo Moya
- Re: Proposing couchdb-glib and evolution-couchdb for GNOME 2.30
  - From: Florian Ludwig

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]