*nudge*
I don't feel very confident with a single opinion (thanks Robert), and would love your input
on this one.
Cheers
Jan
--
On Feb 16, 2012, at 16:12 , Jan Lehnardt wrote:
>
> On Feb 14, 2012, at 13:14 , Noah Slater wrote:
>
>> Devs,
>>
>> Please outline:
>>
>> - What remains to be fixed for regression purposes
>
> I want to bring up one more thing (sorry :).
>
> /_users/_changes is currently end-user readable. While /_users/_changes?include_docs=true will not fetch docs the requesting user doesn't have access to, it still gets all doc ids in the /_users db and thus easily can generate a list of all users.
>
> I'd like to propose to make /_users/_changes also admin-only before we ship 1.2.0. Again, I'm happy to revisit and make things configurable down the road.
>
> Note that the information that a particular user is registered is leaked (a user can't sign up with a username that is already taken, from that it can be deduced that that particular username is already registered). This is in line with most signup systems. Making /_users/_changes admin-only doesn't prevent all leakage of what users have signed up, but it stops bulk-leakage of *all* users in one swoop.
>
> What do you think?
>
> Cheers
> Jan
> --
>
>
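A defender-side check for the exposure discussed in this thread, as an added example that is not part of the original e-mails or of CouchDB's code: it classifies the response a non-admin account receives from /_users/_changes and reports counts only, never the names. The function name is hypothetical and the sample responses are constructed for illustration, including the assumption that a row for an inaccessible document simply carries no "doc" field.

```python
import json

# Id prefix CouchDB uses for documents in the /_users database.
USER_PREFIX = "org.couchdb.user:"


def assess_users_changes(status, body):
    """Classify a non-admin GET /_users/_changes response (hypothetical helper).

    Returns counts only: how many user doc ids were visible and how many
    of those rows also carried a document body.
    """
    if status in (401, 403):
        # Admin-only behaviour: the feed is refused outright.
        return {"exposed": False, "user_ids": 0, "docs": 0}
    if status != 200:
        raise ValueError("unexpected status %d" % status)
    rows = json.loads(body).get("results", [])
    user_rows = [r for r in rows if r.get("id", "").startswith(USER_PREFIX)]
    ids = {r["id"] for r in user_rows}
    # Rows with a "doc" are ones the requester could actually read.
    docs = len({r["id"] for r in user_rows if r.get("doc")})
    return {"exposed": bool(ids), "user_ids": len(ids), "docs": docs}


# Constructed sample: feed as seen by one ordinary user with include_docs=true.
# Doc bodies are withheld for other users, but every id is still listed.
SAMPLE_OPEN = json.dumps({
    "results": [
        {"seq": 1, "id": "_design/_auth", "changes": [{"rev": "1-aaa"}]},
        {"seq": 2, "id": "org.couchdb.user:alice", "changes": [{"rev": "1-bbb"}]},
        {"seq": 3, "id": "org.couchdb.user:bob", "changes": [{"rev": "2-ccc"}],
         "doc": {"_id": "org.couchdb.user:bob", "name": "bob", "type": "user"}},
    ],
    "last_seq": 3,
})

# Constructed sample: refusal once the feed is admin-only.
SAMPLE_LOCKED = json.dumps({"error": "unauthorized", "reason": "constructed sample"})

if __name__ == "__main__":
    print("open feed:  ", assess_users_changes(200, SAMPLE_OPEN))
    print("locked feed:", assess_users_changes(401, SAMPLE_LOCKED))
```

A result with "user_ids" larger than "docs" is the case described above: document bodies are protected, yet the feed still reveals which accounts exist.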