CouchDB security for Android Devices (and iOS)

2019-07-21 16:16发布

I just worked myself through a wiki article and blogposts regarding CouchDB's security.

Now I am wondering how this is done in Android. The Android platforms security is relying on sandboxing applications, so config files can not be stored every but the app directory or maybe the sd card attached.

As I learned, server admins are configured in a .ini file and the require_valid_user settings as well in regular CouchDB instances.

On Android, I know, that uppon installation, CouchDB is storing a generated server admin with password to a textfile in the CouchDB application directory. How about the other configurations?

Is "require_valid_user" for example set to true by default( is this not necessary?), or how is this solved?

If it was not necessary, then I would like to know why :-)

(I also posted this question to the couchdb mailing list and will update the answer here if I get a suitable one)

Regards, Chris

1条回答
小情绪 Triste *
2楼-- · 2019-07-21 16:23

The short answer is that on Android CouchDB has no security.

CouchDB provisions itself an admin user / password, you can ask the service to provision you a database to which you are given admin credentials, an admin and a reader is set on that database so anonymous access isnt allowed and require_valid_user isnt needed.

However all of the data is then stored on external storage which has no security whatsoever, the frontdoor is fairly well bolted but the window is wide open, if you have sensitive data then you cannot use couch, this is the same for most applications that need to handle any sizable amounts of data on android.

Its worth mentioning that couchdb runs on localhost so the data is only sensitive to someone who has access to your device, it doesnt let people pick it up from wifi or such.

Going forward a few things are likely to change, ios requires each application to have its own couchdb install and its likely that android will follow the same model, this means each application will be given gull server admin credentials and can protect their data as they wish, once that issue has been fixed I will be looking into ways to move the data off the sdcard or secure the data on the sdcard.

查看更多
登录 后发表回答