couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Capestany (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-1588) Only respond to _all_dbs request from server admin
Date Fri, 02 Nov 2012 19:21:13 GMT
Paul Capestany created COUCHDB-1588:
---------------------------------------

             Summary: Only respond to _all_dbs request from server admin
                 Key: COUCHDB-1588
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1588
             Project: CouchDB
          Issue Type: Improvement
    Affects Versions: 1.2
            Reporter: Paul Capestany
            Priority: Minor


When spinning up a DB per user (or multiple DBs per user), it could be a matter of privacy
what the DBs are named by any registered user simply doing a _all_dbs request. Similarly,
for a successful app, competitors could use _all_dbs to get potentially very important info
about how many users you have, growth rate, etc.

So, instead of trying to deal with this _all_dbs request issue via "_all_dbs should list only
the DBs accessible to the user" (https://issues.apache.org/jira/browse/COUCHDB-661), why not
just limit the response to only server admins?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message