Securing the Raven Database

Question

I\'m trying to restrict access to our RavenDB to only one user. After altering the settings to secure the DB, I can still access the RavenDB management studio and I\'m not sure

Answer 1

RavenDB doesn't secure the Studio endpoint because that there is no need for you to do so. The Studio itself doesn't let you to do any thing if it doesn't has access to RavenDB.

If you still want to restrict access to the studio also, you can do that using IIS security, like a regular website. But keep in mind that there is no special reason to do so.

Answer 2

You say you are on build 573? That's very old. According to the release history it was published on 12/15/2011. There is a commit dated 2/22/2012 that says "Change Authorization to return 403 if user is not in group or users list". That's probably a fix that you need.

I would update to at least the last stable build - 1.0.960 and see if your issue persists.

If you're not in a production environment, now would be a good time to move to 2.0 unstable.