Secure a couchdb database
« Tuesday, October 14, 2014 »

couchdb security

Unlike other databases, couchdb can be used as a frontend database available directly over http. Couchdb security works in two modes: admin party and secured. As long as no admins are set up on the server, the server works in admin party. When in admin party, anyone can do anything. When an admin is created on the database, the couchdb instance switches to secured mode, where there are 3 different types of users.

  • Server admins: They can do anything on the couchdb instance
  • Database admins: They can modify database designs and update documents
  • Members: They can add and edit documents but cannot change design documents

In order to secure a couchdb instance, the first thing you'd have to do is to create a server admin.

Database admins can be added to individual databases. Those admins are granted the right to edit design documents on the databases they are added to as admin. They have no rights on databases that don't have them in the list of admins.

At this point, the database is still considered public. Any user can create or fetch documents. If you have to store private information, it is necessary to create a database in which only the users that should have access to its content are marked as members. For this reason, developers quite frequently create a database per user. In the couchdb world, this isn't a strange thing to do considering how data can be accessed. In other words, as soon as a member is added to a database, the database becomes private to its members and admins.

One last step: the _users database is special. It is possible to create new documents in it, but it isn't possible to fetch any document from it unless you are an admin. Registration is enabled by default, which means that anybody can create a user on your couchdb server. If, for some reason, you'd like to disable user creation, you can add this small snippet of code inside the validate_doc_update function in the _design/auth document of the users database.

if (userCtx.roles.indexOf('_admin') === -1) {
    throw({forbidden: "Only admins can create users"});
}
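
The check above, run against constructed requests to show what it accepts and rejects. This is an added example, not code from the original post or from couchdb itself: it assumes the snippet is the only logic in the function, and tryWrite, runSamples and the sample users are hypothetical names made up for the illustration.

```javascript
// The page's check placed in a complete validate_doc_update function.
// CouchDB calls it as (newDoc, oldDoc, userCtx, secObj) for each write;
// oldDoc is null when the document is being created.
function validate_doc_update(newDoc, oldDoc, userCtx, secObj) {
    if (userCtx.roles.indexOf('_admin') === -1) {
        throw({forbidden: "Only admins can create users"});
    }
}

// Hypothetical helper (not a CouchDB API): call the validator and report
// the outcome as a string instead of letting the rejection propagate.
function tryWrite(newDoc, oldDoc, userCtx) {
    try {
        validate_doc_update(newDoc, oldDoc, userCtx, {});
        return 'accepted';
    } catch (err) {
        if (err && err.forbidden) {
            return 'forbidden: ' + err.forbidden;
        }
        throw err; // a bug in the validator, not a rejection
    }
}

// Constructed sample request contexts and documents.
var anonymous = {db: '_users', name: null, roles: []};
var alice = {db: '_users', name: 'alice', roles: []};
var admin = {db: '_users', name: 'root', roles: ['_admin']};
var aliceDoc = {_id: 'org.couchdb.user:alice', type: 'user',
                name: 'alice', roles: []};
var aliceDocV2 = {_id: 'org.couchdb.user:alice', type: 'user',
                  name: 'alice', roles: [], password: 'constructed-value'};

function runSamples() {
    return {
        // New document written without logging in: open registration.
        anonymousSignup: tryWrite(aliceDoc, null, anonymous),
        // Same document written by a server admin.
        adminCreatesUser: tryWrite(aliceDoc, null, admin),
        // Existing user changing her own document (oldDoc is not null).
        aliceUpdatesSelf: tryWrite(aliceDocV2, aliceDoc, alice)
    };
}

console.log(runSamples());
```

The third case shows that the check applies to every write, not only to creation, so existing non-admin users can no longer update their own document either.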

Once you have correctly secured your databases and server instance, you might be able to relax once again.


Copyright © 2015 Loïc Faure-Lacroix