Hi!

I am using BigCouch, which is a very good implementation of a scalable CouchDB cluster. But it has a small problem - it doesn't support CouchDB 1.0-style Security features very well. So it must stay in the Admin Party mode.

What are the options to secure a CouchDB instance in the Admin Party mode? Each user should have their own database and they are allowed to CRUD non-design docs, query views but not allowed to CRUD design docs, do compactions and other stuff, just like a reader in CouchDB Security.

Is it possible to enable this kind of security outside CouchDB? With a web proxy or a messaging system, perhaps?

Thanks a lot

A: 

Yeah, I think your best bet would be to put a proxy in front of BigCouch and enforce your security rules in the proxy.

You might be able to do this by using Apache or nginx as the front-end proxy and writing rewrite rules to forward or reject requests depending on the username; I'm not sure.

However, I'd think it'd be more effective and straightforward, and easier to implement and manage, to implement the proxy with code.

My team has had success implementing an HTTP proxy with custom logic on Node.js. There's a solid library named node-http-proxy, and this post has some good sample code showing how to implement a simple proxy from scratch and add custom logic.

HTH!

Avi Flax
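
A sketch of the per-request rules such a proxy could enforce for the access model in the question, as an added example that is not part of the original answer and is not node-http-proxy code. It uses only Node's built-in `http` module. It assumes each user's database is named after the username, and `authenticate` and `upstream` are hypothetical names supplied by the caller.

```javascript
const http = require('http');

const READ = new Set(['GET', 'HEAD']);
const DOC_METHODS = new Set(['GET', 'HEAD', 'PUT', 'DELETE']);

// Allowlist decision for one request. Assumption: each user's database is
// named after the authenticated username.
function isAllowed(user, method, url) {
  let segs;
  try {
    // Decode before splitting so "_design%2Ffoo" and "%5Fdesign/foo" are caught.
    segs = decodeURIComponent(url.split('?')[0]).split('/').slice(1);
  } catch (e) {
    return false; // malformed percent-encoding
  }
  if (segs[segs.length - 1] === '') segs.pop(); // tolerate a trailing slash
  if (segs.some((s) => s === '' || s === '.' || s === '..')) return false;
  const [db, id] = segs;
  if (!user || db !== user) return false; // only the caller's own database
  // POST /db and _bulk_docs carry document ids in the body and could write a
  // design doc, so the database root is read-only here.
  if (segs.length === 1) return READ.has(method);
  if (id === '_all_docs') return segs.length === 2 && READ.has(method);
  if (id === '_design') { // view queries only: /db/_design/<ddoc>/_view/<view>
    return segs.length === 5 && segs[3] === '_view' &&
      (READ.has(method) || method === 'POST');
  }
  if (id.startsWith('_')) return false; // _compact, _security, _temp_view, ...
  // Regular doc or attachment; COPY is excluded (its Destination header
  // could name a design doc).
  return segs.length <= 3 && DOC_METHODS.has(method);
}

// authenticate(req) is a hypothetical hook returning a username or null.
function createProxy(upstream, authenticate) {
  return http.createServer((req, res) => {
    if (!isAllowed(authenticate(req), req.method, req.url)) {
      res.writeHead(403, { 'Content-Type': 'application/json' });
      return res.end('{"error":"forbidden"}\n');
    }
    const out = http.request({ host: upstream.host, port: upstream.port,
      method: req.method, path: req.url, headers: req.headers }, (up) => {
      res.writeHead(up.statusCode, up.headers);
      up.pipe(res);
    });
    out.on('error', () => { if (!res.headersSent) res.writeHead(502); res.end(); });
    req.pipe(out);
  });
}
```

The cluster itself must only be reachable from the proxy (bound to localhost or firewalled), otherwise clients can bypass these checks by talking to BigCouch directly.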