Sync Gateway Security


#1

Hi

We are planning to try testing the Couchbase Mobile solution

Since the Sync Gateway is a server which should be opne to the world - isnt it possible to hack it (or attachk is via DDOS for instance)?


#2

I don’t understand the point of your question — yes, any server that’s reachable from the outside can be attacked. That’s obvious.

We’re not aware of any vulnerabilities in the Sync Gateway. It’s written in the Go language, which is pretty high-level and robust (garbage collected, checks array bounds, etc.) so I’m pretty confident it’s secure. Also, all requests have to be authenticated unless you explicitly enable guest access.