Detect security issues in an Apache CouchDB server
APACHE-2.0 License
Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security.
Audit CouchDB will perform the following actions:
validate_doc_update
functionCurrently, Audit CouchDB is a Node application distributed via NPM. Install it (globally) via npm
.
npm install -g audit_couchdb
Next, run the tool with your CouchDB URL as a parameter. You should connect as an admin user, so Audit CouchDB can fetch all possible information (such as the configuration).
audit_couchdb https://admin:secret@localhost:5984
The tool will output everything it knows about your couch's security.
To see how audit_couchdb
is working, set its log level to debug. It will show you each query it makes as it learns facts about your couch.
audit_couchdb --level=debug https://admin:secret@localhost:5984
Audit CouchDB is implemented as a library, depending on a back-end request library, and a front-end to display the output (simple console text output, or log4j if it is installed).
I recently re-implemented request
in the browser as jQuery Request. Thus I am excited to see Audit CouchDB run on the browser, however I have not begun this work.