I watched a DEFCON talk devoted to NoSQL in general and CouchDB in particular. They covered some attack vectors, like access to the client library (pseudo-SQL transparent layer), access to the db and then brute-forcing keys (in a schema-less way), and JSON/view injection. If I leave access to the db open directly from the internet and use in-db validation and authentication, does that make my database less secure?
Unfortunately, my lack of experience working with CouchDB prevents an accurate analysis, so I rely on your opinion, dear colleagues.
Thank you.
No, I would not do this.
I don't feel the CouchDB security is granular enough to make it suitable to be posted on the internet. There's no way to let "some" data through, and not all. On a normal SQL DB, you can restrict some tables, etc. But not in Couch. Being schema-less and a document store, a document is a document is a document, whether it's a "secret" or "important" one or not.
It's a fine back end, but not on the wild internet.
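
The granularity point in the answer above, as an added example that is not part of the original posts: a simplified Python model of how CouchDB decides read access from a database's `_security` object, which covers the whole database rather than individual documents. The function names, the sample `_security` document, the users and the documents are all constructed for illustration.

```python
# Added example: simplified model of CouchDB's per-database read check.
# All sample data below is constructed; function names are hypothetical.

def can_read_db(security, user_ctx):
    """Return True if user_ctx may read the database guarded by `security`.

    Server admins (_admin role) and database admins always pass; a user who
    matches a member name or role passes; if both members lists are empty
    the database is public and everyone passes.
    """
    roles = set(user_ctx.get("roles", []))
    name = user_ctx.get("name")
    if "_admin" in roles:
        return True
    for section in ("admins", "members"):
        entry = security.get(section, {})
        if name is not None and name in entry.get("names", []):
            return True
        if roles & set(entry.get("roles", [])):
            return True
    members = security.get("members", {})
    return not members.get("names") and not members.get("roles")


def readable_docs(security, user_ctx, docs):
    """Documents the user can fetch: all of them or none, never a subset."""
    return list(docs) if can_read_db(security, user_ctx) else []


def audit_security(db_name, security):
    """Flag a database whose _security object leaves it world-readable."""
    members = security.get("members", {})
    if not members.get("names") and not members.get("roles"):
        return f"{db_name}: no members set, readable by anonymous users"
    return f"{db_name}: restricted to listed members"


# Constructed sample data
SECURITY = {"admins": {"names": ["ops"], "roles": []},
            "members": {"names": ["alice"], "roles": ["staff"]}}
DOCS = [{"_id": "invoice-1", "secret": False},
        {"_id": "payroll", "secret": True}]
ANON = {"name": None, "roles": []}
ALICE = {"name": "alice", "roles": []}
```

`validate_doc_update` functions are not modelled here because they run only when a document is written, so they do not change what a database member can read.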