couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2452) Provide _users DB security when _users DB is on the clustered interface
Date Fri, 14 Nov 2014 19:35:35 GMT


ASF subversion and git services commented on COUCHDB-2452:

Commit 6266b95415f8c8d8cde49a8ce221e9d31ebf18b8 in couchdb-couch's branch refs/heads/2452-users-db-security-on-clustered-interface
from [~mikewallace]
[;h=6266b95 ]

Move admin ddoc check for _users DB to http layer

In order to restrict access to design documents in the
authentication DB to admins only we were checking whether a user
was admin in the couch_server callback. When running the auth DB
on the clustered interface this meant that admins could not read
the design doc because the user context was not being passed to
any of the calls to open the design doc.

One possible fix is to add the user context to all the clustering
code involving design doc access however given the amount of
plumbing here is fairly substantial the chances of getting it wrong
are rather high. The alternative is to move this check into the
http layer where we already have access to the user context.

This commit moves the admin check when accessing design docs in the
auth DB into couch_httpd_db (for the admin port).

A separate commit in couchdb-chttpd adds a similar check for
requests through the clustered port.

COUCHDB-2452 3/3

> Provide _users DB security when _users DB is on the clustered interface
> -----------------------------------------------------------------------
>                 Key: COUCHDB-2452
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Mike Wallace
> The authentication DB (default name _users) has special security semantics which are
currently only supported on the admin port (default 5986). Since we support using the _users
DB on the clustered port we should also ensure the same security semantics apply there.

This message was sent by Atlassian JIRA

View raw message