couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Davis <paul.joseph.da...@gmail.com>
Subject Re: Issues blocking the 1.2.0 release
Date Tue, 21 Feb 2012 19:13:47 GMT
+1 on the patch to require admin for _changes.

On Tue, Feb 21, 2012 at 3:36 AM, Jan Lehnardt <jan@apache.org> wrote:
> *nudge*
>
> I don't feel very confident with a single opinion (thanks Robert), and would love your
input on this one.
>
> Cheers
> Jan
> --
>
>
> On Feb 16, 2012, at 16:12 , Jan Lehnardt wrote:
>
>>
>> On Feb 14, 2012, at 13:14 , Noah Slater wrote:
>>
>>> Devs,
>>>
>>> Please outline:
>>>
>>>  - What remains to be fixed for regression purposes
>>
>> I want to bring up one more thing (sorry :).
>>
>> /_users/_changes is currently end-user readable. While /_users/_changes?include_docs=true
will not fetch docs the requesting user doesn't have access to, it still gets all doc ids
in the /_users db and thus easily can generate a list of all users.
>>
>> I'd like to propose to make /_user/_changes also admin-only before we ship 1.2.0.
Again, I'm happy to revisit and make things configurable down the road.
>>
>> Note that the information that a particular user is registered is leaked (a user
can't sign up with a username that is already taken, from that it can be deduced that that
particular username is already registered). This is in line with most signup systems. Making
/_users/_changes admin-only doesn't prevent all leakage of what users have signed up, but
it stops bulk-leakage of *all* users in one swoop.
>>
>> What do you think?
>>
>> Cheers
>> Jan
>> --
>>
>>
>

Mime
View raw message