Securing the Raven Database

我的梦境 提交于 2019-12-02 07:59:36

You say you are on build 573? That's very old. According to the release history it was published on 12/15/2011. There is a commit dated 2/22/2012 that says "Change Authorization to return 403 if user is not in group or users list". That's probably a fix that you need.

I would update to at least the last stable build - 1.0.960 and see if your issue persists.

If you're not in a production environment, now would be a good time to move to 2.0 unstable.

RavenDB doesn't secure the Studio endpoint because that there is no need for you to do so. The Studio itself doesn't let you to do any thing if it doesn't has access to RavenDB.

If you still want to restrict access to the studio also, you can do that using IIS security, like a regular website. But keep in mind that there is no special reason to do so.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!