couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Damien Katz (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COUCHDB-263) require valid user for all database operations
Date Thu, 18 Jun 2009 19:26:07 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12721425#action_12721425
] 

Damien Katz commented on COUCHDB-263:
-------------------------------------

This patch looks okay, but we actually need something like this at the database level, the
ability to say who can and can't access a database, and the ability to disallow anonymous
access.

> require valid user for all database operations
> ----------------------------------------------
>
>                 Key: COUCHDB-263
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-263
>             Project: CouchDB
>          Issue Type: Improvement
>          Components: HTTP Interface
>    Affects Versions: 0.9
>         Environment: All platforms.
>            Reporter: Jack Moffitt
>            Priority: Minor
>         Attachments: couchauth.diff
>
>
> Admin accounts currently restrict a few operations, but leave all other operations completely
open.  Many use cases will require all operations to be authenticated.   This can certainly
be done by overriding the default_authentication_handler, but I think this very common use
case can be handled in default_authentication_handler without increasing the complexity much.
> Attached is a patch which adds a new config option, "require_valid_user", which restricts
all operations to authenticated users only.  Since CouchDB currently only has admins, this
means that all operations are restricted to admins.  In a future CouchDB where there are also
normal users, the intention is that this would let them pass through as well.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message