couchdb-dev mailing list archives

From "Joan Touzet (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-2390) Fauxton config, admin sections considered dangerous in 2.0
Date Mon, 01 Dec 2014 20:44:13 GMT


Joan Touzet commented on COUCHDB-2390:

Stopping by as the thread is quite long here. As the original requestor I agree with [~robertkowalski].

You can say in the UI that the page affects "the current node only" as [~garren] suggests,
but if you're hitting the cluster through a load balancer (as is recommended) you'll have
no control over which node you hit. Further, each node may be firewalled to prevent access
directly by an end user. Further, there is no visual indication as to which node you're talking
to in this situation, so it's pointless to try and use the functionality. Given these limitations
I think having these pages available is actually worse than not providing them at all.

My recommendation is to remove this functionality until such time as we have a configuration
endpoint that allows you to set values on all nodes in a cluster at once (or, after cluster
expansion/node replacement, force values to be consistent across a cluster / to a specific
node). Once that's available we can resurrect these pages in a fashion that makes sense.

> Fauxton config, admin sections considered dangerous in 2.0
> ----------------------------------------------------------
>                 Key: COUCHDB-2390
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: BigCouch, Fauxton
>            Reporter: Joan Touzet
>            Assignee: Ben Keen
>            Priority: Blocker
> In Fauxton today, there are 2 sections to edit config-file settings and to create new admins. Neither of these sections will work as intended in a clustered setup.
> Any Fauxton session will necessarily be speaking to a single machine. The config APIs and admin user info as exposed will only add that information to a single node's .ini file.
> We should hide these features in Fauxton for now (short-term fix) and correct the config/admin creation APIs to work correctly in a clustered setup (medium-term fix).

This message was sent by Atlassian JIRA
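
The issue above describes config changes and new admins being written to a single node's .ini file. As an added example (not part of the original message and not CouchDB code), the following Python compares per-node configuration snapshots and reports settings, admin accounts in particular, that are not identical on every node. The snapshot shape `{section: {key: value}}`, the node names and all values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one config snapshot per node, shaped as
# {section: {key: value}} (assumed shape). Node names and values are made up.
SNAPSHOTS = {
    "node1": {"admins": {"root": "-pbkdf2-aaa"},
              "httpd": {"bind_address": "0.0.0.0"}},
    "node2": {"admins": {"root": "-pbkdf2-aaa", "ops": "-pbkdf2-bbb"},
              "httpd": {"bind_address": "0.0.0.0"}},
    "node3": {"admins": {"root": "-pbkdf2-aaa"},
              "httpd": {"bind_address": "127.0.0.1"}},
}

MISSING = "<missing>"  # marker for a key that a node does not define


def find_drift(snapshots):
    """Return {(section, key): {value: [nodes]}} for settings that differ.

    Values are compared literally; a key absent on a node counts as MISSING.
    """
    keys = set()
    for cfg in snapshots.values():
        for section, entries in cfg.items():
            keys.update((section, k) for k in entries)

    drift = {}
    for section, key in sorted(keys):
        by_value = defaultdict(list)
        for node in sorted(snapshots):
            value = snapshots[node].get(section, {}).get(key, MISSING)
            by_value[value].append(node)
        if len(by_value) > 1:  # more than one distinct value: nodes disagree
            drift[(section, key)] = dict(by_value)
    return drift


def admin_drift(snapshots):
    """Names of admins that are not defined identically on every node."""
    return sorted(k for (s, k) in find_drift(snapshots) if s == "admins")


if __name__ == "__main__":
    for (section, key), values in find_drift(SNAPSHOTS).items():
        print(f"[{section}] {key}:")
        for value, nodes in values.items():
            print(f"    {value!r} on {', '.join(nodes)}")
```
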
