Detect security issues in an Apache CouchDB server
Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security.
Audit CouchDB will perform the following actions:
Currently, Audit CouchDB is a Node application distributed via NPM. Install it (globally) via
npm install -g audit_couchdb
Next, run the tool with your CouchDB URL as a parameter. You should connect as an admin user, so Audit CouchDB can fetch all possible information (such as the configuration).
The tool will output everything it knows about your couch's security.
To see how
audit_couchdb is working, set its log level to debug. It will show you each query it makes as it learns facts about your couch.
audit_couchdb --level=debug https://admin:secret@localhost:5984
Audit CouchDB is implemented as a library, depending on a back-end request library, and a front-end to display the output (simple console text output, or log4j if it is installed).
I recently re-implemented
request in the browser as jQuery Request. Thus I am excited to see Audit CouchDB run on the browser, however I have not begun this work.