couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Garren Smith (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2390) Fauxton config, admin sections considered dangerous in 2.0
Date Mon, 24 Nov 2014 16:46:13 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14223121#comment-14223121
] 

Garren Smith commented on COUCHDB-2390:
---------------------------------------

I think the conversation on this ticket has digressed a little. This ticket is what to do
with the config section in Fauxton. 
I would like to keep the config section in Fauxton in for Couchdb 2.0. But we should state
in the config section that the changes the user is making is only for a specific node/server.
If we could add a dropdown link or something to get them to open up Fauxton to edit another
nodes config that could also be useful. 

If a user has enabled CORS Fauxton could make a config change to any node.

This is definitely not the perfect solution, but a workable solution for Couchdb 2.0. Then
with later releases once there is a supported api for configure global and local settings
we can change the config section accordingly.

> Fauxton config, admin sections considered dangerous in 2.0
> ----------------------------------------------------------
>
>                 Key: COUCHDB-2390
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2390
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: BigCouch, Fauxton
>            Reporter: Joan Touzet
>            Priority: Blocker
>
> In Fauxton today, there is are 2 sections to edit config-file settings and to create
new admins. Neither of these sections will work as intended in a clustered setup.
> Any Fauxton session will necessarily be speaking to a single machine. The config APIs
and admin user info as exposed will only add that information to a single node's .ini file.
> We should hide these features in Fauxton for now (short-term fix) and correct the config
/admin creation APIs to work correctly in a clustered setup (medium-term fix).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message