CouchDB and PHP Web Development Beginner’s Guide

Time for action — anonymously accessing the _users database

Let's go through a quick exercise: we'll send a curl request to the _users database to see why it's important to secure our data.

  1. Open Terminal.
  2. Run the following command, replacing your_username with the username of the server admin that you just created.
    curl localhost:5984/_users/org.couchdb.user:your_username | python -m json.tool
    
  3. Terminal will respond with something similar to:
    {
        "_id": "org.couchdb.user:your_username",
        "_rev": "1-b9af54a7cdc392c2c298591f0dcd81f3",
        "name": "your_username",
        "password_sha": "3bc7d6d86da6lfed6d4d82e1e4d1c3ca587aecc8",
        "roles": [],
        "salt": "9812acc4866acdec35c903f0cc072c1d",
        "type": "user"
    }
    

What just happened?

You used Terminal to send a curl request, without supplying any credentials, that read the document containing your server admin's data. The passwords in the database are not stored in plain text: each one is kept as a salted SHA-1 hash (the password_sha and salt fields in the response). But anyone who can read those two values could still try to recover the password offline, or use the usernames of the users against them. With that in mind, let's secure the database so that only administrators can access it.
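The check from this exercise can be turned into a repeatable test to run before and after locking the database down. The following is an added example, not code from the book: the function names `classify_response` and `check_anonymous_access` are hypothetical, the sample responses are constructed, and it assumes a secured server answers an anonymous request with 401 or 403.

```python
import json
import urllib.error
import urllib.request

# Credential fields shown in the response on this page.
SENSITIVE_FIELDS = ("password_sha", "salt")

def classify_response(status, body):
    """Return (verdict, leaked_fields) for an unauthenticated GET of a user doc."""
    if status in (401, 403):
        return "protected", []          # server refused the anonymous read
    if status != 200:
        return "inconclusive", []       # e.g. 404: nothing returned to inspect
    try:
        doc = json.loads(body)
    except ValueError:
        return "inconclusive", []
    if not isinstance(doc, dict):
        return "inconclusive", []
    leaked = [f for f in SENSITIVE_FIELDS if f in doc]
    if leaked:
        return "exposed", leaked        # hash and/or salt readable by anyone
    # A user document came back, but without the credential fields.
    return ("readable", []) if doc.get("type") == "user" else ("inconclusive", [])

def check_anonymous_access(base_url, username, timeout=5):
    """Send the same request as the curl command above, with no credentials."""
    url = "%s/_users/org.couchdb.user:%s" % (base_url.rstrip("/"), username)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return classify_response(err.code, err.read().decode("utf-8", "replace"))

# Constructed sample responses (placeholder values, not real hashes).
SAMPLE_OPEN = json.dumps({"_id": "org.couchdb.user:your_username",
                          "name": "your_username", "password_sha": "<hash>",
                          "salt": "<salt>", "roles": [], "type": "user"})
SAMPLE_LOCKED = '{"error":"unauthorized","reason":"constructed sample"}'

if __name__ == "__main__":
    print(classify_response(200, SAMPLE_OPEN))    # open _users database
    print(classify_response(401, SAMPLE_LOCKED))  # after restricting access
    # Against your own server: check_anonymous_access("http://localhost:5984", "your_username")
```

A verdict of "exposed" means the database still needs to be restricted to administrators; "protected" is the result to expect once that is done.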