[yatsyk]

> What kind of document are you looking for here? > There is [1], but yeah, that covers access controls. As do the MongoDB [2] and Postgres [3] documents.

Mongo and postgress usually is not accessible for clients only for backend. Security handled by backend mostly and there is a plenty of resources how to implement secure server side applications which discusses attack vectors and how to make secure apps. Thankfully to this thread I’ve got few good ideas, that may help to design secure couchdb architecture (such as remove _find endpoint) but I’ve not seen any in-depth document about couchdb.

> I feel like your thinking about Couch as exposing your entire PostgreSQL DB to the internet

No, why do you think so?