Huy's Notes
Restrict access to CouchDB database

#security #operating #database

It's always a bad idea to allow direct access from the frontend to your database. Not only can you no longer hide the sensitive parts of your business logic in the backend, it also poses a huge security risk.

When using CouchDB with PouchDB on the frontend, you might want to proxy the connection from PouchDB to your actual CouchDB instance. By doing this, you have more control and may sleep better at night.

The idea is to pipe the request from the frontend to your database using something like:

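const request = require('request'); // HTTP client used to forward the request

app.all('/db/*', function (req, res) {
  // Do something here (your own checks go before the request is forwarded)
  const suffix = req.url.replace("/db/", "");
  // Forward the request to CouchDB and stream its response back to the client
  req.pipe(request(ACTUAL_DB_URL + suffix)).pipe(res);
});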

And on your frontend:

var remoteDB = new PouchDB('https://your-api/db/')

Source: Synching PouchDB with remote DB - Gleb Bahmutov.
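
The `// Do something here` step is where the proxy can actually restrict access. As an added example (not from this note's original code or the cited source), the function below decides whether a proxied request may be forwarded to CouchDB; the `user` object shape (`{ name, dbs }`), the reason strings and both allow-lists are assumptions for illustration.

```javascript
// Added example. The user shape { name, dbs } and both allow-lists are assumptions.
const ALLOWED_METHODS = new Set(['GET', 'HEAD', 'POST', 'PUT']); // DELETE left out as a policy choice
// Database-level CouchDB endpoints that replication from PouchDB uses.
const REPLICATION_ENDPOINTS = new Set([
  '_changes', '_all_docs', '_bulk_docs', '_bulk_get', '_revs_diff', '_local',
]);

const deny = (reason) => ({ allowed: false, reason });

function authorizeDbRequest(method, url, user) {
  if (!user || !Array.isArray(user.dbs)) return deny('unauthenticated');
  if (!ALLOWED_METHODS.has(method)) return deny('method');

  let path;
  try {
    // Decode before checking so %2e%2e or %2f cannot hide a segment from the policy.
    path = decodeURIComponent(url.split('?')[0]);
  } catch (err) {
    return deny('bad-encoding');
  }
  if (!path.startsWith('/db/')) return deny('prefix');

  const segments = path.slice('/db/'.length).split('/');
  const last = segments.length - 1;
  if (segments.some((s, i) => s === '.' || s === '..' || (s === '' && i < last))) {
    return deny('traversal');
  }

  const [db, first = ''] = segments;
  // Server-level endpoints such as _all_dbs and _users start with an underscore.
  if (!db || db.startsWith('_')) return deny('server-endpoint');
  if (!user.dbs.includes(db)) return deny('db-not-permitted');
  // Inside a database, block _security, _design, _compact and the like.
  if (first.startsWith('_') && !REPLICATION_ENDPOINTS.has(first)) return deny('db-endpoint');

  return { allowed: true, db };
}

// Constructed sample requests, not captured traffic.
const sampleUser = { name: 'alice', dbs: ['notes'] };
for (const [m, u] of [['GET', '/db/notes/_changes?since=0'], ['GET', '/db/_all_dbs'],
  ['PUT', '/db/notes/_security'], ['GET', '/db/notes/%2e%2e/_users/_all_docs']]) {
  console.log(m, u, JSON.stringify(authorizeDbRequest(m, u, sampleUser)));
}
```

In the proxy route, call it with `req.method`, `req.url` and the authenticated user before `req.pipe(...)`, and answer with a 403 when `allowed` is false.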
