couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Cottlehuber (JIRA)" <>
Subject [jira] [Closed] (COUCHDB-1588) Only respond to _all_dbs request from server admin
Date Tue, 19 Feb 2013 10:21:12 GMT


Dave Cottlehuber closed COUCHDB-1588.

    Resolution: Duplicate
> Only respond to _all_dbs request from server admin
> --------------------------------------------------
>                 Key: COUCHDB-1588
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>    Affects Versions: 1.2
>            Reporter: Paul Capestany
>            Priority: Minor
> When spinning up a DB per user (or multiple DBs per user), it could be a matter of privacy
what the DBs are named if any registered user can get a list of all of the DBs by simply doing
a _all_dbs request. Similarly, for a successful app, competitors could use _all_dbs to get
potentially very important info about how many users you have, growth rate, etc.
> So, instead of trying to deal with this _all_dbs request issue via "_all_dbs should list
only the DBs accessible to the user" (,
why not just limit the response to only server admins?

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message