Tag Archives: Security

Using CouchDB in Rookeries – Part 3 – Configuring a Remote CouchDB Server

Posted on by

In the previous instalment of this series I wrote about installing and
managing on a remote server. Now lets talk about configuring CouchDB so that
it can run as a production server. This will not cover CouchDB’s
configuration extensively, rather I will touch on the parts relevant to
Rookeries.

Configuring CouchDB

CouchDB can be configured in two way: either by modifying the INI setting files
located in the /etc/couchdb/ or by visiting the Configuration UI in Futon:
e.g. http://localhost:5984/_utils/config.html I went with the route of editing the local.ini file via Ansible.

Configuring Users Authentication on CouchDB

The default installation of CouchDB does not force you to declare and secure
users. Users and user authentication is totally optional. However since I
did not want open up my production database to the world.

Adding an Admin User

I first added an admin user to the CouchDB configuration. This user being the
admin user for the entire CouchDB server, rather than an individual database.
The change consisted of adding a value for the user and password, under the
admins section:

[admins]
admin = password

If you’re worried about leaving your password in plain-text in the
configuration, then don’t. After restarting CouchDB (via the Upstart service)
this password gets hashed.

Admin Party No More – Enforcing User Authentication

By default CouchDB runs in what is “admin party” mode, meaning you do not need to log in to make admin or user changes on the server. Naturally for a production server that is not something you want to do. So you have to enable requiring user login:

[couch_httpd_auth]
require_valid_user = true

Getting CouchDB to Talk with the Rest of the World

This part is optional, however if you want CouchDB accessible from more than
the localhost you have configure it to allow connections from multiple sites.
I needed this since I use Codeship as a continuous integration (CI) service for Rookeries, and I wanted to run integration and end-to-end tests using my production database server. (In an ideal world I would have a separate CouchDB server just for testing or have a CI that has a local instance of CouchDB.)

Binding Addresses

The trick to allowing this is to set the right binding address for CouchDB.
This can be done by changing the bind_address value in the httpd section of the configuration as such:

[httpd]
bind_address = 0.0.0.0

By default this just localhost or 127.0.0.1. You can also setup the
configuration differently. One thing that I am not sure of is passing a
range or a list of different bind addresses. I am not sure this is possible
based on the documentation that I have seen.

What about HTTPS?

CouchDB has options to handle HTTPS and SSL natively. I personally have not configured my site to use HTTPS, since none of my sites
do so currently. Getting certificates and everything setup for all my sites
is a bit involved so I have avoided the issue for the time being. I plan on
getting around to do so in the future.

However if you have the time and option to setup HTTPS, please do so! Putting
up another layer of security around a production CouchDB will help. More
importantly HTTPS gives you and your end users a degree of privacy, that is
rare in these Post-Snowdown times.

Groogy Weather, Groggy Me

Posted on by

Greetings again, and sorry about missing two day of updates. Dealing with stress, putting up with administrative nonsense, writing assignments, attempting to dance around illness and living with the sudden wacky cold-wet weather, puts me in a mood where I rather not even poke my nose from under the blanket. On the bright side, everything is falling into place.

The instructors of two of my course, kindly set the hand-in date for my course work until December 20. That gives me some breathing room, and lets me concentrate on the three assignments due on Friday. Next week I get to study for exams and work on the later assignments.

Carmen Hung, the new leader of our CSC454 or Business of Computing, handled getting everyone to work on the last assignment wonderfully. The paper still in the works, weighs in currently at a hefty 41 pages, and 24% of our term work. The business plan is coming along, not as fast as I wanted it. Still no complaints, as yesterday I came home late and crashed. I spent this entire morning getting over my tiredness “hangover”. When I finish blogging this entry, I will stock up on caffeine again.

Katarina Halan, classroom friend and almost my girlfriend, let me work with her on the CSC347 or Information Security assignment. We spent about 16 hrs on Sunday working only on the assignment. After hours of hacking, half-working and actual coding we finished the assignment. Thanks Kat for yesterday’s coffee “date”. Sorry about the Tim Horton’s coffee, next time I will buy some good coffee from Second Cup instead.

My last assignment after the “Business” course, deals with the unfortunate CCT209 Foundations of Research course. I am so behind in that course, it stopped being funny months ago. My group started on Monday, but since my e-mail to them, I saw no work. I guess I have to juggle this assignment and writing the business plan. Bother. Guys, you better get on the ball soon.

As for my open source project and my other blog, One-Time Trash Pad both I place on hold until I meet Friday’s deadline. I have too much at stake to deal with any side projects. If I don’t update this blog anytime before December 20, please do not be surprised. I will try my best, but no promises.

Until then wish me luck. I need all the luck I to overcome the stress, the weather and my own sluggishness.

Panic Supression and Firefighting

Posted on by

Day 3 of Hell week #1.
At least the security assignment is out of the way. I wish I could say the same about the library research assignments. Moral of the story: Don’t take too many assignment/paper courses in one term, and verify that the courses assignments are before the frigging midterm comes. Well too late now.

Got back to writing/editing articles today. Writing free-form seems to give me a morale boost, whenever I do so. So does blogging apparently. Only 5 more classes, 10 more assignments (half of them from writing), 3 more exercises and 3 exams. Then a nice break, from school.

I wonder what I will do during the break. Working part-time definitely. Partying? If I am lucky. Maybe I will get some book writing or coding done. But first things first, assignments. With those out of the way, the panic and constant firefights will all go away.