From dev-return-20686-apmail-couchdb-dev-archive=couchdb.apache.org@couchdb.apache.org Thu Feb 16 15:16:45 2012 Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EE797955E for ; Thu, 16 Feb 2012 15:16:44 +0000 (UTC) Received: (qmail 96636 invoked by uid 500); 16 Feb 2012 15:16:44 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 96604 invoked by uid 500); 16 Feb 2012 15:16:44 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 96590 invoked by uid 99); 16 Feb 2012 15:16:44 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Feb 2012 15:16:44 +0000 Received: from localhost (HELO mail-yx0-f180.google.com) (127.0.0.1) (smtp-auth username rnewson, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Feb 2012 15:16:44 +0000 Received: by yenr11 with SMTP id r11so1575424yen.11 for ; Thu, 16 Feb 2012 07:16:43 -0800 (PST) MIME-Version: 1.0 Received: by 10.50.156.166 with SMTP id wf6mr18307269igb.20.1329405403080; Thu, 16 Feb 2012 07:16:43 -0800 (PST) Received: by 10.42.6.72 with HTTP; Thu, 16 Feb 2012 07:16:42 -0800 (PST) In-Reply-To: <1FE932A3-8DF7-4B8A-9E88-448FBA671F8F@apache.org> References: <1FE932A3-8DF7-4B8A-9E88-448FBA671F8F@apache.org> Date: Thu, 16 Feb 2012 15:16:42 +0000 Message-ID: Subject: Re: Issues blocking the 1.2.0 release From: Robert Newson To: dev@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable +1 On 16 February 2012 15:12, Jan Lehnardt wrote: > > On Feb 14, 2012, at 13:14 , Noah Slater wrote: > >> Devs, >> >> Please outline: >> >> =A0 - What remains to be fixed for regression purposes > > I want to bring up one more thing (sorry :). > > /_users/_changes is currently end-user readable. While /_users/_changes?i= nclude_docs=3Dtrue will not fetch docs the requesting user doesn't have acc= ess to, it still gets all doc ids in the /_users db and thus easily can gen= erate a list of all users. > > I'd like to propose to make /_user/_changes also admin-only before we shi= p 1.2.0. Again, I'm happy to revisit and make things configurable down the = road. > > Note that the information that a particular user is registered is leaked = (a user can't sign up with a username that is already taken, from that it c= an be deduced that that particular username is already registered). This is= in line with most signup systems. Making /_users/_changes admin-only doesn= 't prevent all leakage of what users have signed up, but it stops bulk-leak= age of *all* users in one swoop. > > What do you think? > > Cheers > Jan > -- > >