I want to try out couchDB on Iris, but it seems really strange to me, as I didn't meet any security on my way to create a database and a document and delete as well, through the /_utils/ page. There is no password protected log in, no authentication, nothing. Anyone can create a database on your domain, if they know it.
Is there a way to make this functionality available only to an admin - me?
I admit I have not looked too much into the issue.
Thanks in advance!
And after a few days of searching I have found the answer:
In couchDB there is a server admin, that can do anything, or as stated here - "god mode".
IrisCouch and CouchDB in general by default provides any user the server admin rights, calling it "admins party". In IrisCouch, there is a server admins section on the bottom right of the utils page. (I wanted to post an image of it, but because of lack of reputation, I couldn't).
It will not change the user interface and for instance, the create database option will still be there, but the validation will stop you from creating a database.
But there is no straightforward way to protect the database from anonymous writes. The securing of the database itself is explained in the link. To clarify just one thing a first time user would encounter - a design document is created by giving at creation the field id a value starting with _design/. For instance in the current case: _design/blockAnonymousWrites
I know this is quite a novice issue, but NoSQL and CouchDB is terra incognita for me, for now, and I hope this will help someone like me.