couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Cottlehuber (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1631) Require admin privileges to read _all_dbs
Date Tue, 18 Dec 2012 20:38:12 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13535282#comment-13535282
] 

Dave Cottlehuber commented on COUCHDB-1631:
-------------------------------------------

Let's say you have a cloud hosted application. A simple query to _all_dbs gives somebody a
list of the number of subscribers you have, and potentially from that list of DB names, may
be able to identify businesses or individuals who are actually using that service, if you're
using per-user DBs, which is a common couch scenario. You should have sensible precautions
in place to avoid this, of course.

@Benoit: Point taken about futon, can you expand on your suggestion? Do you mean let _all_dbs
work if the requesting url has _utils/ in it?

Seeing the DBs you have permissions for would be better. I don't see how to do this in a way
that doesn't require iterating over all DBs to retrieve roles and user access, which seems
a pretty bad approach, even if it were cached. This might be more workable in bigcouch, not
sure how DB security information is shared there.
                
> Require admin privileges to read _all_dbs
> -----------------------------------------
>
>                 Key: COUCHDB-1631
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1631
>             Project: CouchDB
>          Issue Type: New Feature
>          Components: HTTP Interface
>            Reporter: Dave Cottlehuber
>         Attachments: force_admins_only_for_all_dbs.diff
>
>
> The patch for this is straightforwards, & I think that this should actually be the
default behaviour in future. Comments?
> Note to self, docs, tests required once discussion is settled.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message