couchdb-dev mailing list archives

From "Klaus Trainer (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-1656) Anonymous Users and Non-Admins Can Read the Security Object
Date Mon, 28 Jan 2013 09:07:14 GMT
Klaus Trainer created COUCHDB-1656:
--------------------------------------

             Summary: Anonymous Users and Non-Admins Can Read the Security Object
                 Key: COUCHDB-1656
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1656
             Project: CouchDB
          Issue Type: Bug
          Components: Database Core
            Reporter: Klaus Trainer


It is possible that anonymous users are able to read a DB's security object if the security
object's `members` array is empty or missing. Also, it is generally possible for authenticated
members (non-admin users) to read the security object.

Only admin users should be allowed to read the security object.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
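
An added audit example, not part of the original message and not CouchDB code: it models the behaviour the report describes and classifies, for each database, who can read the security object. It assumes the security objects were already fetched by an admin and that `members` uses a `names`/`roles` layout; the database names and values are constructed.

```python
import json

# Constructed sample: database name -> security object as an admin would
# obtain it. All names and values are made up for this example.
SAMPLE = json.loads("""
{
  "public_wiki": {},
  "orders":      {"admins":  {"names": ["ops"], "roles": []},
                  "members": {"names": [], "roles": []}},
  "payroll":     {"admins":  {"names": ["ops"], "roles": ["hr_admin"]},
                  "members": {"names": ["alice"], "roles": ["hr"]}}
}
""")


def members_empty(security):
    """True if `members` is missing or lists no names and no roles."""
    members = security.get("members") or {}
    if isinstance(members, list):  # tolerate a bare list of members
        return not members
    return not members.get("names") and not members.get("roles")


def security_object_readers(security):
    """Who can read the security object under the reported behaviour.

    'anonymous': members empty or missing, so unauthenticated reads succeed
    'members'  : any authenticated non-admin member can read it
    The report's expected result in every case is admins only.
    """
    return "anonymous" if members_empty(security) else "members"


def audit(security_by_db):
    """Return (database, readers) pairs, anonymous exposure first."""
    findings = [(db, security_object_readers(sec))
                for db, sec in security_by_db.items()]
    return sorted(findings, key=lambda f: (f[1] != "anonymous", f[0]))


if __name__ == "__main__":
    for db, readers in audit(SAMPLE):
        print(f"{db}: security object readable by {readers}")
```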
