TransforMap / data.transformap.co

Here you find a Node.js daemon to serve the public TransforMap web service.
https://data.transformap.co
GNU Affero General Public License v3.0

Don't use a database account with administrator access in live version of API #8

Open species opened 8 years ago

species commented 8 years ago

As database administrative rights are not needed during normal operation of the API, there should be a non-privileged user whose credentials are stored in the running node application.

Maybe we should implement an "initialize" task which has to be run once, on first installation of the application (admin user supplied via cmdline or ENV), which creates all the databases needed in couch.

So that if the API is compromised from outside, it at least has no administrative access to the DB.

species commented 8 years ago

The initialize process may create a non-privileged user in this process and automatically add its (randomly generated) password to config/local.js