Security Best Practices
Best practices should be observed at all times, in order to ensure the security of Couchbase Server itself, the media it uses for data-persistence, the internal and external networks on which it resides, and the applications that query it.
Security must be enforced — in order to protect data from being stolen, eavesdropped upon, or corrupted — throughout the entire Couchbase Server-environment: this environment includes the internal memory, processing, and storage-facilities of individual server-nodes within a cluster; the network across which the nodes communicate with one another; and the network beyond the cluster-perimeter. Security procedures must be checked constantly; and should be upgraded with frequency.
Security must be maintained:
Across the network, by proper configuration of IP tables and ports.
Within individual applications, by performing user input validation.
In the cloud, through appropriate configuration of Network Access Control Lists (ACLs) and security groups, as well as Cross Datacenter Replication (XDCR).