couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Issues blocking the 1.2.0 release
Date Thu, 16 Feb 2012 15:12:15 GMT

On Feb 14, 2012, at 13:14 , Noah Slater wrote:

> Devs,
> 
> Please outline:
> 
>   - What remains to be fixed for regression purposes

I want to bring up one more thing (sorry :).

/_users/_changes is currently end-user readable. While /_users/_changes?include_docs=true
will not fetch docs the requesting user doesn't have access to, it still gets all doc ids
in the /_users db and thus easily can generate a list of all users.

I'd like to propose to make /_user/_changes also admin-only before we ship 1.2.0. Again, I'm
happy to revisit and make things configurable down the road.

Note that the information that a particular user is registered is leaked (a user can't sign
up with a username that is already taken, from that it can be deduced that that particular
username is already registered). This is in line with most signup systems. Making /_users/_changes
admin-only doesn't prevent all leakage of what users have signed up, but it stops bulk-leakage
of *all* users in one swoop.

What do you think?

Cheers
Jan
-- 



Mime
View raw message