couchdb-dev mailing list archives

From "Jason Smith (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-1656) Anonymous Users and Non-Admins Can Read the Security Object
Date Mon, 28 Jan 2013 09:15:12 GMT


Jason Smith commented on COUCHDB-1656:

The _security object is similar to a normal document inside the database. (There has even
been discussion about moving security to a local document, _local/_security, so it could have
some MVCC features.)

So I think in general, if a user can read the database, or documents inside it, then they
can read the _security object too.

In other words, the primary secret of the CouchDB security model is users' passwords. Learning
the _security object (or the contents of validate_doc_update functions) should not alter the
secrecy or privacy of the data.
> Anonymous Users and Non-Admins Can Read the Security Object
> -----------------------------------------------------------
>                 Key: COUCHDB-1656
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Database Core
>            Reporter: Klaus Trainer
>         Attachments: 0001-Don-t-give-non-admins-read-access-to-db-_security.patch
> It is possible that anonymous users are able to read a DB's security object if the security
> object's `members` array is empty or missing. Also, it is generally possible for authenticated
> members (non-admin users) to read the security object.
> Only admin users should be allowed to read the security object.

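The two positions in this thread can be compared side by side with a small model of the access rules. This is an added example, not CouchDB source code and not part of the original message; it assumes the usual `names`/`roles` layout of the `admins` and `members` sections, and the function names, policy labels and sample users are hypothetical.

```python
# Simplified model of the access rules discussed in COUCHDB-1656.
# Not CouchDB code; function names and policy labels are hypothetical.

def _entries(sec, section, key):
    """Return sec[section][key] as a list, treating missing parts as empty."""
    return list(((sec or {}).get(section) or {}).get(key) or [])

def _matches(sec, section, user_ctx):
    """True if the user's name or one of their roles is listed in the section."""
    name = user_ctx.get("name")
    roles = set(user_ctx.get("roles") or [])
    named = name is not None and name in _entries(sec, section, "names")
    return named or bool(roles & set(_entries(sec, section, "roles")))

def is_admin(sec, user_ctx):
    """Server admins carry the _admin role; db admins are listed in `admins`."""
    return "_admin" in (user_ctx.get("roles") or []) or _matches(sec, "admins", user_ctx)

def can_read_db(sec, user_ctx):
    """An empty or missing `members` section leaves the database public."""
    public = not (_entries(sec, "members", "names") or _entries(sec, "members", "roles"))
    return public or is_admin(sec, user_ctx) or _matches(sec, "members", user_ctx)

def can_read_security(sec, user_ctx, policy):
    """'db_readers': anyone who can read the db (behaviour described in the report).
    'admins_only': the restriction the report asks for."""
    if policy == "db_readers":
        return can_read_db(sec, user_ctx)
    if policy == "admins_only":
        return is_admin(sec, user_ctx)
    raise ValueError("unknown policy: %r" % policy)

# Constructed sample users and security objects (not taken from the issue).
USERS = {
    "anon": {"name": None, "roles": []},
    "member": {"name": "alice", "roles": ["staff"]},
    "db_admin": {"name": "bob", "roles": []},
}
OPEN_DB = {}  # no `members` section at all
LOCKED_DB = {"admins": {"names": ["bob"], "roles": []},
             "members": {"names": [], "roles": ["staff"]}}

def audit(sec):
    """Map each sample user to (readable as db reader, readable if admins only)."""
    return {label: (can_read_security(sec, ctx, "db_readers"),
                    can_read_security(sec, ctx, "admins_only"))
            for label, ctx in USERS.items()}

if __name__ == "__main__":
    for label, sec in (("open", OPEN_DB), ("locked", LOCKED_DB)):
        print(label, audit(sec))
```
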