couchdb-dev mailing list archives

From "Mike Wallace (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2452) Provide _users DB security when _users DB is on the clustered interface
Date Fri, 14 Nov 2014 19:43:34 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212722#comment-14212722 ]

Mike Wallace commented on COUCHDB-2452:
---------------------------------------

This is now ready for review.

I have revised the approach I took to make the restrictions on non-admins reading design docs
apply via the clustered interface whilst still allowing admins access. The problem was that
the restriction to admins only was happening in the sys db callback [1]. This meant that even
admins were unable to open design docs because neither ddoc_cache nor any of the clustering
gloop uses the user context when opening the design doc.

The first approach I took was to modify ddoc_cache so it could accept and use the user context.
This proved problematic because it then required editing every function in fabric that was
in the path of any request which would need to open a design doc. This seemed like a lot of
changes just to support an area of functionality which is going to be used reasonably infrequently.

The alternative approach I have taken is to move the check for non-admin access to the authentication
DB into the http layer. This means that we have the user context available and can perform
the admin check before proceeding with the request. This results in a little duplication between
couch_httpd_db.erl and chttpd_db.erl which I can't cleanly generalise.

I'm not a huge fan of this approach either but it seems to be the least worst option. Would
be great if someone more experienced could come up with something better.

The relevant branch in ddoc_cache has therefore been deleted. The branches in couchdb-couch
and couchdb-chttpd have been re-written a little and the couchdb-couch-mrview branch is untouched
since I last commented.
 
[1] https://github.com/apache/couchdb-couch/blob/master/src/couch_users_db.erl#L87-L94

> Provide _users DB security when _users DB is on the clustered interface
> -----------------------------------------------------------------------
>
>                 Key: COUCHDB-2452
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2452
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Mike Wallace
>
> The authentication DB (default name _users) has special security semantics which are
> currently only supported on the admin port (default 5986). Since we support using the _users
> DB on the clustered port we should also ensure the same security semantics apply there.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
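
The design change described in the comment above, as an added example that is not part of the original message and is not CouchDB source code. It is a simplified model: the module name, the `user_ctx` record defined here, every function name and the in-memory document store are hypothetical, and the sample document is constructed.

```erlang
%% Simplified model of where the admin-only check for design docs in the
%% authentication DB is enforced. All names here are hypothetical.
-module(users_db_guard).
-export([demo/0, http_open_ddoc/2]).

-record(user_ctx, {name = null, roles = []}).

%% Constructed stand-in for the contents of the authentication DB.
docs() ->
    #{<<"_design/_auth">> => <<"constructed design doc body">>}.

is_admin(#user_ctx{roles = Roles}) ->
    lists:member(<<"_admin">>, Roles).

%% Internal read path (caches, cluster plumbing). It has no request to take
%% a user context from, so the storage layer always sees the default one.
internal_open(StorageOpen, DocId) ->
    StorageOpen(#user_ctx{}, DocId).

%% Before: the admin-only rule lives in the storage-level callback.
storage_checked_open(Ctx, DocId) ->
    case is_admin(Ctx) of
        true -> {ok, maps:get(DocId, docs())};
        false -> {error, forbidden}
    end.

%% After: the storage-level read no longer decides who may read.
storage_open(_Ctx, DocId) ->
    {ok, maps:get(DocId, docs())}.

%% After: the HTTP handler holds the request's user context, so it performs
%% the admin check before handing off to the context-free internal path.
http_open_ddoc(Ctx, DocId) ->
    case is_admin(Ctx) of
        true -> internal_open(fun storage_open/2, DocId);
        false -> {error, forbidden}
    end.

demo() ->
    Admin = #user_ctx{name = <<"root">>, roles = [<<"_admin">>]},
    User = #user_ctx{name = <<"bob">>},
    DDoc = <<"_design/_auth">>,
    %% Before: any read through the internal path is refused, even when the
    %% original request came from an admin, because the context is lost.
    {error, forbidden} = internal_open(fun storage_checked_open/2, DDoc),
    %% After: admins can read, non-admins are stopped at the HTTP layer.
    {ok, _} = http_open_ddoc(Admin, DDoc),
    {error, forbidden} = http_open_ddoc(User, DDoc),
    ok.
```

With the check at the HTTP layer, every HTTP entry point that can reach the authentication DB has to carry it, which is the duplication between couch_httpd_db.erl and chttpd_db.erl that the comment mentions.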
