- CouchDB and PHP Web Development Beginner’s Guide
- Tim Juravich
- 142字
- 2021-08-13 18:22:54
Time for action — anonymously accessing the _users database
Let's go through a quick exercise of calling a curl statement to the _users database to see why it's important to secure our data.
- Open Terminal.
- Run the following command, replacing
your_usernamewith the username of the server admin that you just created.curl localhost:5984/_users/org.couchdb.user:your_username | python -mjson.tool - Terminal will respond with something similar to:
{ "_id": "org.couchdb.user:your_username", "_rev": "1-b9af54a7cdc392c2c298591f0dcd81f3", "name": "your_username", "password_sha": "3bc7d6d86da6lfed6d4d82e1e4d1c3ca587aecc8", "roles": [], "salt": "9812acc4866acdec35c903f0cc072c1d", "type": "user" }
What just happened?
You used Terminal to create a curl request to read the document containing your server admin's data. The passwords in the database are encrypted, but it's possible that someone could still unencrypt the password or use the usernames of the users against them. With that in mind, let's secure the database so that only administrators can access this database.
推薦閱讀
- Kali Linux Web Penetration Testing Cookbook
- PyTorch自動駕駛視覺感知算法實戰
- jQuery EasyUI網站開發實戰
- Apache Spark 2 for Beginners
- 軟件測試項目實戰之性能測試篇
- Functional Programming in JavaScript
- C++面向對象程序設計習題解答與上機指導(第三版)
- 區塊鏈底層設計Java實戰
- Mastering Git
- Java EE企業級應用開發教程(Spring+Spring MVC+MyBatis)
- 3D Printing Designs:The Sun Puzzle
- 游戲設計的底層邏輯
- Java程序設計
- Spring Boot學習指南:構建云原生Java和Kotlin應用程序
- JSP應用與開發技術(第3版)