I noticed that even after setting security in futon to readers only, I was still able to create and save documents. This is because anonymous users still have access to create documents on your database as readers. Being relatively new to couchdb, I spent some time reading docs and finally found a resolve to this issue. It turns out it isn’t that hard.
So every time your database is called CouchDB looks for a design document. In futon, if you navigate to _users you will noticed a design document for your admin users. It is set to an ID of _design/auth. You will have to create one of these for the database you want to make read-only.
Step 0.
Add an admin password and secure your server.
Step 1.
In futon, while viewing your DB, click “New Document”. Set the “_id” field to “_design/auth”.
Step 2.
Add a field titled “validate_doc_update” with the following data:
function(newDoc, oldDoc, userCtx) { if (userCtx.roles.indexOf('_admin') !== -1) { return; } else { throw({forbidden: 'This DB is read-only'}); } }
Your source should look similar to this if you did everything correctly:
