couchdb-dev mailing list archives

From Jan Lehnardt <...@apache.org>
Subject Re: Issues blocking the 1.2.0 release
Date Tue, 14 Feb 2012 18:19:10 GMT

On Feb 14, 2012, at 19:13 , Randall Leeds wrote:

> On Tue, Feb 14, 2012 at 04:14, Noah Slater <nslater@tumbolia.org> wrote:
>> Devs,
>> 
>> Please outline:
>> 
>>   - What has been changed since round one of the 1.2.0 release
>>   - What remains to be fixed for regression purposes
>>   - Who is doing these fixes, and when will they be done by
>> 
>> Thanks,
>> 
>> N
> 
> I'd like to know if it was always the case that design doc actions on
> system dbs were inaccessible to non-admins or if that's just since the
> recent security changes. If it's recent, why was that part deemed
> necessary and can we remove it?

It is part of the recent changes and the reason is that a view potentially
leaks information about docs and we don't want that. I'm happy to relax this
later if we can convince people to write views that don't compromise their
security, but until then I opted for the more secure default.

Cheers
Jan
-- 
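The concern in the reply above, as an added example that is not part of the original message and not CouchDB's own code: a toy JavaScript model where per-document reads are restricted but a view index is built over every document, so a carelessly written map function hands restricted fields to any caller allowed to query it. The per-document read rule, the `secret` field, the `emit`-as-parameter signature, and all function names are assumptions made for illustration.

```javascript
// Toy model (not CouchDB code): per-document read rules vs. a view index.
// Constructed sample docs; the `secret` field is illustrative.
const docs = [
  { _id: "org.couchdb.user:alice", name: "alice", secret: "constructed-a" },
  { _id: "org.couchdb.user:bob", name: "bob", secret: "constructed-b" },
];

const isAdmin = (user) => user.roles.includes("_admin");

// Assumed rule: a user may read only their own doc; admins may read all.
function readDoc(user, id) {
  const doc = docs.find((d) => d._id === id);
  if (!doc) return null;
  if (isAdmin(user) || doc.name === user.name) return doc;
  throw new Error("forbidden");
}

// The index is built server-side over every doc; no reader identity is in scope,
// so whatever the map function emits is stored for all later callers.
function buildIndex(mapFn) {
  const rows = [];
  for (const doc of docs) {
    mapFn(doc, (key, value) => rows.push({ id: doc._id, key, value }));
  }
  return rows.sort((a, b) => (a.key < b.key ? -1 : a.key > b.key ? 1 : 0));
}

// adminOnlyDesignDocs = true models the secure default described in the reply;
// false models the relaxed behaviour asked about.
function queryView(user, mapFn, adminOnlyDesignDocs) {
  if (adminOnlyDesignDocs && !isAdmin(user)) throw new Error("forbidden");
  return buildIndex(mapFn);
}

// A view that compromises security: it emits a field of every document.
const byName = (doc, emit) => emit(doc.name, doc.secret);

// Ids of docs whose data the user receives through the view
// although a direct read of the same doc would be refused.
function leakedIds(user, mapFn, adminOnlyDesignDocs) {
  let rows;
  try { rows = queryView(user, mapFn, adminOnlyDesignDocs); } catch (e) { return []; }
  return rows.map((r) => r.id).filter((id) => {
    try { readDoc(user, id); return false; } catch (e) { return true; }
  });
}
```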


