couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <>
Subject Re: Issues blocking the 1.2.0 release
Date Tue, 14 Feb 2012 18:35:34 GMT
On Tue, Feb 14, 2012 at 10:19, Jan Lehnardt <> wrote:
> On Feb 14, 2012, at 19:13 , Randall Leeds wrote:
>> On Tue, Feb 14, 2012 at 04:14, Noah Slater <> wrote:
>>> Devs,
>>> Please outline:
>>>   - What has been changed since round one of the 1.2.0 release
>>>   - What remains to be fixed for regression purposes
>>>   - Who is doing these fixes, and when will they be done by
>>> Thanks,
>>> N
>> I'd like to know if it was always the case that design doc actions on
>> system dbs were inaccessible to non-admins or if that's just since the
>> recent security changes. If it's recent, why was that part deemed
>> necessary and can we remove it?
> It is part of the recent changes and the reason is that a view potentially
> leaks information about docs and we don't want that. I'm happy to relax this
> later if we can convince people to write views that don't compromise their
> security, but until then I opted for the more secure default.

I motion to remove this restriction now, unless there are actions on
the system dbs, installed by default, that leak anything at all.
I see the motivation but I feel it might be overly paranoid. Only an
admin can modify the ddocs. If a user decides to add views to
_replicator or _user they had best think about what they expose and to

If there's no objection I can try to tackle this in the evening.

View raw message